US5299263A - Two-way public key authentication and key agreement for low-cost terminals - Google Patents

Publication number
US5299263A
Authority
US
United States
Prior art keywords
server
terminal
party
signature
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US08/026,673
Inventor
Michael J. Beller
Yacov Yacobi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nytell Software LLC
Iconectiv LLC
Original Assignee
Bell Communications Research Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bell Communications Research Inc
Assigned to BELL COMMUNICATIONS RESEARCH, INC. Assignment of assignors interest. Assignors: YACOBI, YACOV, BELLER, MICHAEL J.
Priority to US08/026,673 (US5299263A)
Priority to US08/101,437 (US5406628A)
Priority to JP6520043A (JPH08507619A)
Priority to EP94909772A (EP0691055B1)
Priority to CA002157011A (CA2157011C)
Priority to DE69426416T (DE69426416T2)
Priority to PCT/US1994/001968 (WO1994021067A1)
Publication of US5299263A
Application granted
Assigned to TELCORDIA TECHNOLOGIES, INC. Change of name (see document for details). Assignors: BELL COMMUNICATIONS RESEARCH, INC.
Assigned to JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT. Security agreement. Assignors: TELCORDIA TECHNOLOGIES, INC.
Assigned to TELCORDIA TECHNOLOGIES, INC. Termination and release of security interest in patent rights. Assignors: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT
Assigned to WILMINGTON TRUST COMPANY, AS COLLATERAL AGENT. Security agreement. Assignors: TELCORDIA TECHNOLOGIES, INC.
Assigned to BELL COMMUNICATIONS RESEARCH, INC. Assignment of assignors interest (see document for details). Assignors: BELLER, MICHAEL J., YACOBI, YACOV
Assigned to TELCORDIA TECHNOLOGIES, INC. Release of security interest. Assignors: WILMINGTON TRUST COMPANY
Assigned to TELCORDIA LICENSING COMPANY LLC. Assignment of assignors interest (see document for details). Assignors: TELCORDIA TECHNOLOGIES, INC.
Assigned to TELCORDIA TECHNOLOGIES, INC. Release. Assignors: WILMINGTON TRUST COMPANY, AS COLLATERAL AGENT
Assigned to TTI INVENTIONS C LLC. Assignment of assignors interest (see document for details). Assignors: TELCORDIA LICENSING COMPANY LLC
Anticipated expiration
Legal status: Expired - Lifetime (current)

Abstract

A method for achieving mutual authentication and session key agreement between a first party 12 which has minimal computational resources and a second party 18 which has substantial computational resources utilizes a modular square root operation for certificate authentication and key distribution and an ElGamal, NIST DSS, or other efficient signature operation for obtaining the signature of a message. These operations are highly advantageous in a system with asymmetric resources because the computation power required to perform these operations is far less than the computation power required to invert these operations. The entire mutual authentication and session key agreement method can be carried out using only three modular multiplications on the weak computational side.

Description

RELATED APPLICATION
A patent application entitled "Cryptographic Method for User Authentication and Key Agreement" has been filed for M. J. Beller, L. F. Chang, and Y. Yacobi on Nov. 8, 1991, bears Ser. No. 789,700 now U.S. Pat. No. 5,222,140, issued Jun. 22, 1993 and is assigned to the assignee hereof. The above-identified application contains subject matter related to the subject matter of the present application and is incorporated herein by reference.
FIELD OF THE INVENTION
The present invention relates to a method for achieving mutual authentication and session key agreement between a pair of parties using public key cryptography. In particular, the present invention is applicable to a system wherein one of the parties is computationally weak, i.e., has a minimum of computational capability, and one of the parties is computationally strong, i.e., has a much larger computational capability. In a preferred embodiment of the present invention, complete authentication and session key agreement is achieved between two parties without the exchange of any permanent secrets through the use of only three real-time large modular multiplications performed at the computationally weak party. In contrast, prior art methods for achieving mutual authentication and session key agreement with the same level of security require on the order of 200 real-time large modular multiplications at the computationally weak party.
BACKGROUND OF THE INVENTION
In a portable communication system, users carry low power, low cost, portable digital radio telephone terminals from place to place during and between calls.
Some portable terminals employ a Digital Signal Processor to implement the complicated algorithms that are needed to code speech at low bit rate. Other portable terminals utilize a custom chip for the low bit rate encoding of speech and include a low power microcontroller for handling signalling protocols and other miscellaneous tasks. In either case, a portable terminal must operate for long periods of time on small batteries and a low power implementation of all signal processing operations inside the portable terminal is important. Accordingly, there is a limit on the complexity of any signal processing operation which can take place inside the portable terminal in a short period of time.
In a portable communication system, the portable radio terminals access the local telephone exchange network via a suitably dense matrix of shoebox sized radio ports which are located on utility poles or in buildings. Each port comprises a radio modem. Each port is in turn connected back to the telephone network switching system by way of a server in the form of a port control unit which may be located in a central office building. A port control unit performs a variety of processing functions including converting between a format suitable for use on the radio link between the portable terminal and the radio ports and a format suitable for use in the telephone network switching system.
The portable communication system may be described as being computationally asymmetric. By this it is meant that each connection has a computationally weak party in the form of the terminal--i.e., a party with small computational resources--and a computationally strong party in the form of the server--i.e., a party with large computational resources. Thus algorithms which are used in such an asymmetric system should preferably be computationally asymmetric, i.e., the algorithm should require only a minimum of processing on the computationally weak side while more substantial processing is performed on the computationally strong side.
Because a portable communication system transmits conversations between portable telephone terminals and an array of fixed location ports via radio, the conversations of a portable communication system are more susceptible to eavesdropping than are the conversations of a wireline network.
In addition, unlike wireline telephones, which are tied to a particular wire pair on a particular network, portable telephone terminals roam from place to place and access the network via different ports at different times. The lack of association between user and particular physical location can make a portable communication system vulnerable to attempts at the fraudulent acquisition of services.
The present invention is particularly concerned with message encryption (i.e., the encryption of conversation content), key agreement and distribution (i.e. distribution of the keys required by message encryption techniques) and authentication (i.e. ensuring that a service request is legitimate). In particular, the present invention is concerned with foiling the eavesdropper, i.e., one who utilizes radio equipment to intercept the radio transmissions between the portable terminals and the ports.
Another problem which characterizes portable communication systems is the problem of user traceability. Specifically, if a user transmits identifying information in the clear, it is possible for an eavesdropper to determine the location of the user, so that privacy with respect to a user's location is not maintained. The present invention also relates to maintaining the privacy of a user location.
Eavesdropping can be thwarted through the use of a message encryption technique. A message encryption technique employs an encipherment function which utilizes a number referred to as a session key to encipher data (e.g., conversation content). Only the portable terminal and the specific port control unit with which the portable terminal is in communication should have knowledge of the session key, so that only the proper portable terminal and the port control unit, as paired on a particular conversation, can encrypt and decrypt digital signals. Two examples of encipherment functions are the National Bureau of Standards Data Encryption Standard (DES) (see e.g., National Bureau of Standards, "Data Encryption Standard", FIPS-PUB-45, 1977) and the more recent Fast Encipherment Algorithm (FEAL) (see e.g., Shimizu and S. Miyaguchi, "FEAL-Fast Data Encipherment Algorithm," Systems and Computers in Japan, Vol. 19, No. 7, 1988 and S. Miyaguchi, "The FEAL Cipher Family", Proceedings of CRYPTO '90, Santa Barbara, Calif., August, 1990). One way to use an encipherment function is the electronic codebook technique. In this technique a plain text message m is encrypted to produce the cipher text message c using the encipherment function f by the formula c = f(m,sk) where sk is a session key. The cipher text message c can only be decrypted with the knowledge of the session key sk to obtain the plain text message $m = f^{-1}(c,sk)$.
One problem with the use of the encipherment functions such as DES and FEAL in a portable communication system is the problem of session key agreement.
In the conventional session key agreement technique, each portable terminal i has a secret key ki known only to it and a cryptographic database DB. Similarly, each port control unit j has a secret key kj, known only to it and the cryptographic database DB. At the start of a communication session, the portable terminal i sends a service request and its identity i in the clear to a port control unit j. The port control unit sends the pair (i,j) to the cryptographic database DB. The DB picks a random session key sk and sends to the port control unit j the pair ci, cj where ci = f(ki,sk) and cj = f(kj,sk). The port control unit j deciphers cj to find sk and sends ci to the portable terminal i. The portable terminal i deciphers ci to find sk. Now both the port control unit j and the portable terminal i are in possession of the session key sk. Thus, enciphered messages c = f(m,sk) can be transmitted back and forth between the portable terminal i and the port control unit j.
This approach has several advantages. First, the approach requires minimal power in the portable terminal because it utilizes only conventional cryptography. In particular, the computation power required to evaluate $f$ and $f^{-1}$ is quite small.
In addition, the conventional key distribution approach is also self-authenticating because a portable telephone trying to impersonate the portable telephone i must know the ostensibly secret key ki ahead of time.
On the other hand, the conventional key distribution protocol requires a database of secret cryptographic keys, which is hard to protect and maintain, and adds survivability and reliability problems to the system. A primary weakness is that a potential eavesdropper can obtain the key ki for the portable telephone i once, and can subsequently intercept all of i's conversations without i knowing about it. This is the worst kind of damage that can occur; undetectable compromise of privacy. Also, the conventional key distribution protocol has a traceability problem. A portable terminal must announce its identity in the clear before a session key can be fetched from the database. Thus, an eavesdropper can determine the location of a particular portable.
Another approach to session key distribution and party authentication in a portable communication system is to use public key cryptographic techniques. In a typical public key cryptographic system, each party i has a public key Pi and a secret key Si. The public key Pi is known to everyone, but the secret key Si is known only to party i. A message m to user i is encrypted using a public operation which makes use of the public key known to everyone, i.e., c=P(m,Pi) where c is the encrypted message, m is the clear text message, Pi is the public key and P signifies the public operation. However, this message is decrypted using an operation which makes use of the secret key Si, i.e., m=S(c,Si) where S signifies the operation. Only the party i which has the secret key Si can perform the operation to decrypt the encrypted message.
Public key cryptographic techniques can be used for the distribution of session keys to the parties in a portable communication system. (See the above-identified U.S. patent application, Ser. No. 789,700). Public key cryptographic techniques can also be used for party authentication in a portable communication system.
One way to use public key cryptography for authentication is to use a signature system. If it is true that P(S(m,Si),Pi)=m, then the owner of the corresponding keys Pi, Si, could sign message m by producing c=S(m,Si). The verifier, given m and c will verify m=P(c,Pi). A signature system could be used for verification as follows: If it is well known that party i's public key is Pi and some party claims to be i, challenge the party claiming to be i with message m and ask the party to sign the message m using his secret key Si ; then verify the signature using Pi.
Another aspect of party authentication relates to authentication of a party's public key Pi. A user claiming to be i can provide his public key provided it is certified by a trusted central authority such as a network administrator. The trusted central authority itself has a well known public key Pu. The certification is a signature of the trusted authority on a linkage between the user's identification i and his public key Pi.
The highest level of security for session key distribution, and mutual party authentication based on public key cryptography:
1) avoids the use of an on-line centralized database of secret information,
2) hides the identity of a user from an eavesdropper
3) achieves mutual authentication and session key agreement between the parties, in such a way that they do not exchange any permanent secrets.
To achieve this highest level of security using RSA, the most well-known public key algorithm (see e.g., R. L. Rivest, A. Shamir, L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, vol. 21, no. 2, pp. 120-126, February 1978), each of the parties must perform on the order of 200 large modular multiplications (where the numbers involved are over 500 bits in length). Using the algorithms described in the above-identified U.S. patent application Ser. No. 789,700, this highest level of security requires about 200 modular multiplications.
The problem with these prior art algorithms is that a large amount of computations is required by both parties. This is not suitable in an asymmetric system wherein one side (e.g., the terminal or portable telephone) has only weak computational resources and one side (e.g., the server or port control unit), has strong computational resources. The prior art algorithms are not sufficiently asymmetric so that only a very small amount of computations need to be performed on the weak side.
Accordingly, it is an object of the present invention to provide a public key cryptographic method for key distribution and mutual party authentication with a high level of security in an asymmetric system where one of the parties is computationally weak and the other party is computationally strong.
SUMMARY OF THE INVENTION
The present invention is directed to a method for achieving mutual authentication and session key distribution for a communication session between two parties where the first party is computationally weak, i.e., has limited computational resources, and the second party is computationally strong, i.e., has substantial computational resources. For example, the first party may be a terminal in the form of a portable telephone and the second party may be a server in the form of a port control unit in a wireless personal communication system.
In accordance with the invention, two highly asymmetric public key cryptographic operations are utilized. A modular square root operation is used for certificate authentication and session key distribution. An ElGamal signature operation (see, e.g., T. ElGamal, "A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms", IEEE Trans. IT, Vol. IT-31, No. 4, July 1985, pp. 469-472) is used to obtain and verify the signature of the computationally weak party. When these operations are used the entire mutual authentication and session key distribution method requires only three real-time modular multiplications at the computationally weak party. The modular square root and ElGamal operations are extremely well suited for the asymmetrical system described above. They utilize encryption operations which require little real-time computation power and which can be performed at the computationally weak side portion, while the inverse decryption operations which require significant computational power can be performed at the computationally strong side party.
In accordance with a preferred embodiment of the inventive method, in a first phase, a public key of the server (computationally strong side) as well as a certificate of the server is transmitted to the terminal (computationally weak side). The certificate of the server is verified. A random number x=(xL,xR), where (xL,xR) signifies the concatenation of two numbers xL and xR, is chosen at the terminal and encrypted by squaring x using the public key of the server as a modulus (see, e.g., M. O. Rabin, "Digitalized Signatures and Public Key Functions as Intractable as Factorization", MIT Laboratory for Computer Science, TR 212, January 1979). The result is transmitted to the server which inverts the squaring operation using its secret key. Thus, both sides are in possession of x. Thus, x or xL or xR may be used as the session key. The number xL or xR may be transmitted back from the server to the terminal to verify that the server was in fact able to obtain x. In a later phase, a public key of the terminal and a certificate of the terminal are sent to the server encrypted conventionally using the session key. The terminal certificate is verified at the server. An ElGamal signature of a challenge from the network is computed at the terminal, is encrypted conventionally using the session key, and is transmitted to the server. The ElGamal signature operation is inverted at the server using the previously transmitted public key of the terminal to verify the signature. In an alternative embodiment, the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS) algorithm can be used as the signature scheme instead of using an ElGamal scheme. In further alternative embodiments, any signature system which is efficient for the signer could be used in place of the ElGamal scheme. For example, the following systems may be used: Even, Goldreich and Micali (S. Even, O. Goldreich, S. Micali, "On-Line/Off-Line Digital Signature Schemes", in "Advances in Cryptology-CRYPTO '89 Proceedings," G. Brassard (ed.), Lecture Notes in Computer Science, Vol. 435, Springer-Verlag, 1990, pp. 263-275), Schnorr (C. P. Schnorr, "Efficient Signature Generation by Smart Cards", Journal of Cryptology, Vol. 4, No. 3, 1991, pp. 161-174), Shamir (A. Shamir, "An Efficient Identification Scheme Based on Permuted Kernels-Extended Abstract", Proceedings of CRYPTO '89, G. Brassard, Ed., LNCS 435, pp. 606-609), or Fiat and Shamir (A. Fiat, A. Shamir, "How to Prove Yourself: Practical Solutions to Identification and Signature Problems", Proceedings of CRYPTO '86, A. M. Odlyzko, Ed., LNCS 263, 1987, pp. 186-194).
In addition to requiring very little computational resources at the weak side party, the inventive method has some other significant advantages. The individual building blocks of the inventive method (modular square root and ElGamal signature in the preferred embodiment) are made inseparable by using the session key obtained in the first phase to encrypt transmissions in the second phase, thereby protecting against the possibility of "cut in the middle" attacks. In addition, in a wireless personal communication system, the inventive method provides security against eavesdroppers and provides privacy of the user's location. No permanent secrets of an individual user are disclosed to the network and no secret information is stored in a vulnerable on-line database.
The invention has mainly been described in connection with a portable communication system and specifically a portable communication system wherein the portable terminals are portable telephones. However, it should be noted that the portable terminals may also be portable computers or portable fax machines or other devices which transmit data to and receive data from a port control unit of a portable communication system.
In general, the invention is applicable to any system wherein a terminal and a server communicate with one another in an environment where there is a need for session key distribution for encryption and mutual party authentication. The invention is applicable especially where the computational resources of the terminal are much smaller than the computational resources of the server. For example, the terminal (i.e., weak side party) may be a smart card and the server (strong side party) may be a smart card base unit. Alternatively, the terminal may be an Analog Display Services Interface (ADSI) terminal used for home banking, for example, and the server may be an ADSI cryptoserver. Another application could be a computer client/server system, where many client computers access a single server. It is possible that such clients and servers will have comparable computing power. In this case it may be advantageous to perform the "weak side" computations in the server to balance the computational load.
BRIEF DESCRIPTION OF THE DRAWING
FIG. 1 schematically illustrates a portable communication system.
FIG. 2 schematically illustrates a session key distribution and mutual party authentication protocol according to an illustrative embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION
The detailed description of the invention is divided into the following sections. Section A describes a portable communication system. Section B describes the Rabin modular square root public key operation. Section C describes ElGamal signature operation. Section D describes public key certificates. Section E describes an illustrative session key distribution and mutual authentication protocol in accordance with an embodiment of the invention.
A. PORTABLE COMMUNICATION SYSTEM
A portable communication system 10 is schematically illustrated in FIG. 1. The system 10 comprises a plurality of low power, low cost portable digital radio terminals 12. The portable terminals 12 are carried from place to place by their users. Illustratively, the terminals 12 are portable telephones.
The portable terminals 12 communicate with the local exchange telephone system 20. The local exchange telephone system 20 is represented in FIG. 1 by the central office 22, the central office 24, and the customer premises equipment 26 and 28 connected by wire lines 27 and 29, respectively, to the central office 22.
As indicated above, some portable telephones employ a Digital Signal Processor (DSP) to implement the complicated algorithms that are needed to code speech at low bit rates. Other portable telephones utilize a custom chip for the low bit rate coding of speech and include a low power general purpose microcontroller for handling signalling protocols and other miscellaneous tasks. In any case, a portable telephone or other portable terminal must operate for long periods of time on small batteries and low power implementation of all signal processing operations inside the portable terminal is important.
The portable terminals 12 access the local exchange telephone system 20 via the ports 14. A specific portable terminal 12 and a specific port 14 communicate via a radio link, schematically illustrated in FIG. 1 by the arrow 16. The ports 14 are typically of shoebox size and are located on utility poles or buildings. Each of the ports 14 comprises a simple radio modem.
The ports 14 connect back to the local exchange telephone system 20 via the lines 17 and the servers or port control units 18. The port control units 18 are generally located in a central office building and perform a variety of signal processing functions. Specifically, a port control unit 18 translates between a format suitable for transmission via the radio link 16 and a format suitable for use in the switching system 23 of the central office 22. Each port control unit 18 also does speech transcoding and performs signal processing necessary for encryption and decryption of messages over the radio link 16.
B. RABIN MODULAR SQUARE ROOT OPERATION
Let p and q be two secret primes, and N=pq. Each user has a pair of secret and public keys, where the public key is a composite number, such as the above N, and the secret is its factorization p and q. To encrypt a message x, intended for the owner of the above keys, one computes
$$y \equiv x^2 \bmod N \tag{1}$$
i.e., just one large multiplication. It has been proven that computing x given y and N is as hard as factoring N and is therefore a difficult task unless the secret prime numbers p and q are known.
Given y, p and q it is easy to find x (at a cost equivalent to about 200 large multiplications). Specifically, primes p and q are used such that $p \equiv q \equiv 3 \bmod 4$ to find $x_p$ and $x_q$ with $x \equiv x_p \bmod p$ and $x \equiv x_q \bmod q$. It is easy to see, using Fermat's little theorem, that if
$$x_p \equiv y^{(p+1)/4} \bmod p, \quad\text{and}\quad x_q \equiv y^{(q+1)/4} \bmod q, \tag{2}$$
then
$$x_p^2 \equiv y \bmod p, \tag{3}$$
$$x_q^2 \equiv y \bmod q \tag{4}$$
from which, using Chinese Remaindering, there can be computed
$$x \equiv x_p \cdot q \cdot q_i + x_q \cdot p \cdot p_i \bmod pq, \tag{5}$$
where $q_i$ and $p_i$ have been chosen so that:
$$q_i \equiv q^{-1} \bmod p, \quad\text{and}\quad p_i \equiv p^{-1} \bmod q. \tag{6}$$
Note that there is an ambiguity in using this technique for encryption, because if xp is a solution to (3), then so is -xp mod p. Likewise, if xq is a solution to (4), then so is -xq mod q. Thus the congruence (1) usually has four solutions. To resolve this ambiguity, x is chosen by the sender to contain some previously-agreed-upon pattern. The decrypting party then selects this "colored" solution. For example, if x contains all zeroes in the least significant 30 bits, there is roughly a one in a billion probability that the ambiguity will remain, in which case the protocol can simply be aborted and re-executed.
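The squaring operation of Eq. (1), its inversion by Eqs. (2), (5) and (6), and the selection of the "colored" root can be traced in the following added example, which is not part of the patent text. The key (two Mersenne primes), the 160-bit payload size and all function names are assumptions chosen so that the code runs offline; the 30 low-order zero bits follow the coloring example given above.

```python
import secrets

# Constructed toy key (assumption): two Mersenne primes, both congruent to
# 3 mod 4. Real keys use large random primes; these only make the demo run.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q                       # public modulus of the strong side
COLOR_BITS = 30                 # agreed pattern: 30 low-order zero bits
COLOR_MASK = (1 << COLOR_BITS) - 1


def make_colored_x(payload_bits=160):
    """Weak side: pick a random x whose low COLOR_BITS bits are all zero."""
    payload = secrets.randbits(payload_bits) | 1    # force a non-zero payload
    return payload << COLOR_BITS                    # x < 2**190 < N


def encrypt(x, n=N):
    """Eq. (1): y = x^2 mod N, a single large modular multiplication."""
    return (x * x) % n


def square_roots(y, p=P, q=Q):
    """Strong side: every square root of y modulo p*q.

    Uses Eq. (2) for the roots modulo each prime and Eqs. (5)-(6) to
    combine them. Returns an empty set when y is not a quadratic residue.
    """
    x_p = pow(y, (p + 1) // 4, p)
    x_q = pow(y, (q + 1) // 4, q)
    # Eqs. (3) and (4) hold only if y really is a square modulo p and q.
    if (x_p * x_p - y) % p != 0 or (x_q * x_q - y) % q != 0:
        return set()
    q_i = pow(q, -1, p)         # Eq. (6)
    p_i = pow(p, -1, q)
    roots = set()
    # +/- x_p and +/- x_q give the (usually) four solutions of Eq. (1).
    for r_p in (x_p, (-x_p) % p):
        for r_q in (x_q, (-x_q) % q):
            roots.add((r_p * q * q_i + r_q * p * p_i) % (p * q))   # Eq. (5)
    return roots


def decrypt(y, p=P, q=Q):
    """Return the unique colored root, or None so the caller can abort.

    None covers both failure cases: no root carries the agreed pattern
    (malformed input) or more than one does (the residual ambiguity).
    """
    colored = [r for r in square_roots(y, p, q) if (r & COLOR_MASK) == 0]
    return colored[0] if len(colored) == 1 else None


if __name__ == "__main__":
    x = make_colored_x()
    y = encrypt(x)
    print("roots found:", len(square_roots(y)))
    print("colored root recovered:", decrypt(y) == x)
```

Returning None instead of an arbitrary root keeps the strong side from handing back a square root of input that does not carry the agreed pattern.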
As used herein, the above procedure for solving Eq. (1) for x given y , is denoted as ##EQU1##
This technique can also be used to generate an unforgeable signature. To create a signature on message m, a user with widely-known public key N (which is the product of secret primes p and q), can compute signature s as ##EQU2## using the secret keys p and q in accordance with the procedure shown above. Any party wishing to verify the signature just checks whether the above congruence is true. This verification requires only a single modular multiplication. On the other hand, it is computationally infeasible to forge a signature because the potential forger must know the secret keys p and q, the factors of N. For this signature scheme no coloring is needed for the signature; however, coloring is needed for the message, to prevent the Rabin "paradox" attack (S. Goldwasser, S. Micali, R. L. Rivest, "A Digital Signature Scheme Secured Against Chosen Message Attacks", SIAM J. On Comput., Vol. 17, No. 2, 1988, pp. 281-308). This attack is feasible whenever the victim is willing to extract modular square roots of any arbitrary integer, and expose the result to the attacker. Also, the victim has to choose one of the possible roots at random, i.e., if the "correct" root is colored, and the victim returns the colored root then the attack will fail. Otherwise, this attack leads to efficient factorization of the victim's modulus. In the inventive protocol this attack is not feasible.
C. ELGAMAL SIGNATURES
Let $P_a$ and $S_a$ be the public and secret keys of user a, where $P_a \equiv \alpha^{S_a} \bmod N_S$. $N_S$, the ElGamal signature modulus, is either prime or composed of the product of two primes, and $\alpha$ is a generator in the maximal cyclic subgroup of the multiplicative group of integers modulo $N_S$, $Z^*_{N_S}$ (see, e.g., N. Koblitz, "A Course in Number Theory and Cryptography," Springer Verlag, 1987, p. 32). An ElGamal signature (see, e.g., T. ElGamal, "A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms", IEEE Trans. IT, Vol. IT-31, No. 4, July 1985, pp. 469-472) by user a, on message m is an ordered pair (v,w), for which
$$P_a^{v} \cdot v^{w} \equiv \alpha^{m} \bmod N_S \tag{9}$$
Thus a recipient of a signature can easily verify it. To create a signature, user a chooses a random number r, and computes $v \equiv \alpha^{r} \bmod N_S$. From (9) it follows that
$$S_a \cdot v + r \cdot w \equiv m \bmod \varphi(N_S) \tag{10}$$
where φ(N) is the Euler totient function. It follows that a, who (is the only one who) knows $S_a$, can compute w, provided gcd(r,φ(N))=1, where gcd means greatest common divisor.
It is believed to be hard for anybody not knowing $S_a$ to forge a signature on a pre-specified message, given certain precautions are taken.
Since $r$, $v$, $r^{-1}$ and $S_a \cdot v$ could be prepared ahead of time (they are independent of the message to be signed), the only significant on-line (i.e., real-time) operation is the multiplication by $r^{-1}$ in
$$w \equiv (m - S_a v) \cdot r^{-1} \bmod \varphi(N_S) \tag{11}$$
It is important to note that the value r, chosen randomly by the signer, must change with every signature. Otherwise the signer's secret Sa can be revealed.
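The split between off-line preparation and the single on-line multiplication of Eq. (11), together with the rule that r is never used twice, is shown in the following added example, which is not part of the patent text. The toy modulus 2039, the generator search, the `Ticket` structure and all function names are assumptions; messages are taken to be integers (for instance a hashed challenge).

```python
import secrets
from dataclasses import dataclass
from math import gcd

N_S = 2039            # constructed toy modulus: safe prime, 2039 = 2*1019 + 1
PHI = N_S - 1         # Euler totient of a prime modulus


def find_generator(p):
    """Smallest generator of Z*_p for a safe prime p = 2q + 1."""
    q = (p - 1) // 2
    for g in range(2, p):
        # Element orders divide 2q, so ruling out orders 1, 2 and q suffices.
        if pow(g, 2, p) != 1 and pow(g, q, p) != 1:
            return g
    raise ValueError("no generator found")


ALPHA = find_generator(N_S)


def keygen():
    """Return (S_a, P_a) with P_a = alpha^S_a mod N_S."""
    s_a = secrets.randbelow(PHI - 2) + 2
    return s_a, pow(ALPHA, s_a, N_S)


@dataclass
class Ticket:
    """Message-independent values prepared ahead of time for ONE signature."""
    v: int            # alpha^r mod N_S
    r_inv: int        # r^-1 mod phi(N_S)
    s_v: int          # S_a * v mod phi(N_S)
    used: bool = False


def precompute(s_a):
    """Off-line phase: pick a fresh r with gcd(r, phi) = 1 and derive the rest."""
    while True:
        r = secrets.randbelow(PHI - 1) + 1
        if gcd(r, PHI) == 1:
            break
    v = pow(ALPHA, r, N_S)
    return Ticket(v=v, r_inv=pow(r, -1, PHI), s_v=(s_a * v) % PHI)


def sign_online(m, ticket):
    """On-line phase, Eq. (11): one modular multiplication by r^-1."""
    if ticket.used:
        # Reusing r across two signatures can reveal S_a, so refuse.
        raise ValueError("precomputed r already consumed")
    ticket.used = True
    w = ((m - ticket.s_v) * ticket.r_inv) % PHI
    return ticket.v, w


def verify(m, signature, p_a):
    """Eq. (9): P_a^v * v^w == alpha^m (mod N_S)."""
    v, w = signature
    if not 0 < v < N_S:
        return False
    return (pow(p_a, v, N_S) * pow(v, w, N_S)) % N_S == pow(ALPHA, m, N_S)


def reused_v(signatures):
    """Audit check: True if any v (hence any r) occurs in two signatures."""
    seen = [v for v, _ in signatures]
    return len(seen) != len(set(seen))


if __name__ == "__main__":
    s_a, p_a = keygen()
    sig = sign_online(42, precompute(s_a))
    print("signature verifies:", verify(42, sig, p_a))
```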
D. PUBLIC KEY CERTIFICATES
Public key certificates are the signature of a trusted authority on the linkage of an identity and the corresponding claimed public key. There is a Central Authority (CA) with a secret key pu and qu and public key Nu = pu·qu. The Central Authority is an off-line trusted entity. When a terminal (e.g., portable communication unit) or network server (e.g., port control unit) is initialized, it is given a unique identity i, it chooses its own secret key, pi, qi or Si, and computes the corresponding public key, either Ni in accordance with the Rabin modular square root scheme, or Pi in accordance with the ElGamal scheme.
The CA then provides the terminal or server with its signature on a linkage between i and Ni in the case of a Rabin scheme (or i and Pi in ElGamal). A linkage can be a one-way hashing of the concatenation of the involved items. During a communication session, a terminal with ElGamal public key Pi sends its identity, public key, and certificate to the network server. Once the certificate is verified by the server, a process which requires one squaring modulo Nu and which proves that the CA agreed to the linkage between the identity and public key, the terminal can prove its identity by performing a signature to a random challenge message m using the secret key associated with Pi.
Similarly, the server can send its identity, public key, and certificate to the terminal. The terminal can square the certificate modulo Nu to confirm the linkage, and send a message to the server, encrypted with the server's verified public key. The server can prove its identity by performing the secret operation (decryption) associated with the public key.
E. SESSION KEY DISTRIBUTION AND MUTUAL AUTHENTICATION PROTOCOL
FIG. 2 illustrates a session key distribution and mutual authentication protocol in accordance with an embodiment of the invention. The protocol may be used at the start of each communication session between a computationally weak terminal (e.g., portable communication unit, ADSI, smart card) and a computationally strong network server (e.g., port control unit, ADSI network cryptoserver, smart card base unit).
To use the protocol, the terminal and server are assumed to be initialized. When the server is initialized (part (a) of FIG. 2), it picks a Rabin secret key $p_j$, $q_j$ and a corresponding public key $N_j = p_j \cdot q_j$. The corresponding public key $N_j$ is transmitted to the central authority $u$. The central authority picks a unique identity $j$ for the server. The central authority also computes the certificate $c_j$, which is illustratively a Rabin signature (i.e., modular square root) on $h(j,N_j)$, where $h$ represents a hashing of a linkage comprised of $j$ and $N_j$, i.e., $c_j \equiv \sqrt{h(j,N_j)} \bmod N_u$, where $N_u = p_u q_u$ is a modulus of the central authority $u$. The central authority then transmits $j$, $c_j$, $\alpha$ (the ElGamal generator), $N_S$ (the ElGamal modulus) and $N_u$ to the server $j$. The server then stores $j$, $c_j$, $N_j$, $\alpha$, $N_S$, $N_u$.
When a terminal (part (b) of FIG. 2) is initialized, the central authority picks and transmits a unique identity $i$ to the terminal. The central authority also transmits $\alpha$, $N_S$ and $N_u$ to the terminal. The terminal $i$ chooses a secret key $S_i$ and generates the associated public key $P_i$ in accordance with the ElGamal operation described above. The public key $P_i$ is transmitted to the central authority $u$. The central authority $u$ provides the terminal $i$ with a certificate in the form of a Rabin signature (i.e., modular square root) on $h(i,P_i)$, i.e., $c_i \equiv \sqrt{h(i,P_i)} \bmod N_u$. The terminal $i$ also stores $N_u$, the public key of the central authority $u$, together with $c_i$, $S_i$, $P_i$ and $N_S$.
Part (c) of FIG. 2 shows the precomputation that is performed once per protocol execution but prior to the actual time of protocol execution. The precomputation is required for the ElGamal signature operation. To perform the precomputation the terminal $i$ picks a random number $r$ and computes and stores $v = \alpha^{r} \bmod N_S$, $r^{-1} \bmod \varphi(N_S)$, and $S_i v \bmod \varphi(N_S)$.
At the start of a communication session as shown in part (d) of FIG. 2, the network server sends its identity $j$, public key $N_j$, and certificate $c_j$ to the terminal. The terminal verifies the certificate $c_j$ by squaring it modulo the central authority's public key $N_u$. If it is correct, the terminal picks a random number $x$, considered to be a concatenation of two halves $x_L$, $x_R$, and "color" (e.g., $k$ leading or trailing zeros as indicated by the symbol $0^k$). The terminal then encrypts $x$. The encryption involves performing an operation $y = o(x)$ which preferably involves only a single modular multiplication. For example, $y = o(x) \equiv x^2 \bmod N_j$. The terminal then transmits $y$ to the network server. The network server decrypts $y$ by performing the operation $x = o^{-1}(y) \equiv \sqrt{y} \bmod N_j$, chooses the root with correct "color", and sends $x_L$ back to the terminal to prove it was able to decrypt and is therefore an authentic network server. Note that the Rabin "paradox" attack is infeasible here, because the server does not respond with an arbitrary root, but returns the same root that the terminal chose (and, in fact, only a portion, e.g., $x_L$, of that root). The number $x_R$, which is now known exclusively by both the terminal and the server, serves as a session key.
From this point on the protocol messages (and ensuing conversation) are encrypted with a conventional cipher function using $x_R$ as the session key in order to hide the identity of the terminal from an eavesdropper on the communication channel between the terminal and server. This is useful especially in a portable telephone, where customer location information should be hidden from an eavesdropper.
The terminal then sends its identity $i$, public key $P_i$ and certificate $c_i$ to the server. The server verifies the certificate by squaring modulo the central authority's public key. The server then sends a random challenge to the terminal in the form of message $m$. The terminal proves its identity by returning an ElGamal signature on the random challenge. The signature requires only one real-time modular multiplication in the terminal if the above-specified "pre-computations" are performed ahead of time. The server then verifies the signature.
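The server-authentication and session-key exchange of part (d), with the terminal squaring a coloured x and the server returning x_L only for the root that carries the colour. This is an added Python example, not code from the patent; the Mersenne-prime server key, the 64-bit halves, k = 32 trailing zero bits and all function names are assumptions, and the certificate check and the terminal's signature are left out.

```python
import hmac
import secrets

# Constructed server key, NOT secure: Mersenne primes are used only because they
# are known primes congruent to 3 mod 4, so each square root is a single pow().
P_J, Q_J = 2**107 - 1, 2**127 - 1
N_J = P_J * Q_J                      # public key N_j, about 234 bits

HALF_BITS, COLOR_BITS = 64, 32       # assumed widths: |x_L| = |x_R| = 64, k = 32
X_BITS = 2 * HALF_BITS + COLOR_BITS  # x = x_L || x_R || 0^k, 160 bits < N_j


def pack(x_l, x_r):
    return ((x_l << HALF_BITS) | x_r) << COLOR_BITS


def unpack(x):
    body = x >> COLOR_BITS
    return body >> HALF_BITS, body & ((1 << HALF_BITS) - 1)


def has_color(x):
    return 0 < x < (1 << X_BITS) and x % (1 << COLOR_BITS) == 0


def terminal_encrypt():
    """Terminal: pick x with colour; return (x_L, x_R, y) with y = x^2 mod N_j."""
    # Top bit of x_L is forced so that x^2 always exceeds N_j and is reduced.
    x_l = secrets.randbits(HALF_BITS) | (1 << (HALF_BITS - 1))
    x_r = secrets.randbits(HALF_BITS)
    x = pack(x_l, x_r)
    return x_l, x_r, x * x % N_J     # one modular multiplication


def square_roots(y, p, q):
    """All square roots of y modulo p*q for primes p, q = 3 (mod 4); [] if none."""
    n = p * q
    r_p, r_q = pow(y, (p + 1) // 4, p), pow(y, (q + 1) // 4, q)
    c_p, c_q = q * pow(q, -1, p), p * pow(p, -1, q)    # CRT coefficients
    roots = {(s_p * c_p + s_q * c_q) % n
             for s_p in (r_p, p - r_p) for s_q in (r_q, q - r_q)}
    return sorted(r for r in roots if r * r % n == y % n)


def server_respond(y):
    """Server: invert the squaring; return (x_L, x_R) of the coloured root or None."""
    if not 0 < y < N_J:
        return None
    coloured = [r for r in square_roots(y, P_J, Q_J) if has_color(r)]
    if len(coloured) != 1:
        return None      # no unique coloured root: abort and release no root at all
    return unpack(coloured[0])


def terminal_check(sent_x_l, received_x_l):
    """Terminal: constant-time comparison of the returned x_L with the one it chose."""
    if not 0 <= received_x_l < (1 << HALF_BITS):
        return False
    size = HALF_BITS // 8
    return hmac.compare_digest(sent_x_l.to_bytes(size, "big"),
                               received_x_l.to_bytes(size, "big"))


def run_exchange():
    """One run of part (d): (server_authenticated, terminal_key, server_key)."""
    x_l, x_r, y = terminal_encrypt()
    reply = server_respond(y)        # only x_L (reply[0]) goes back on the wire
    if reply is None:
        return False, None, None
    ok = terminal_check(x_l, reply[0])
    return ok, (x_r if ok else None), reply[1]
```

A query whose roots carry no colour gets no answer, which is what keeps the server from acting as a general square-root oracle.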
A variation on this protocol is for each terminal to have its own public ElGamal modulus $N_{iS}$ with secret prime factors $p_{iS}$ and $q_{iS}$ known only to terminals. In this case, $N_{iS}$ has to be transmitted to server $j$ in order for the server $j$ to invert the signature operation. Thus, the certificate $c_i$ of terminal $i$ now takes the form $c_i \equiv \sqrt{h(i,P_i,N_i)} \bmod N_u$ instead of $c_i \equiv \sqrt{h(i,P_i)} \bmod N_u$.
In another variation of this protocol, the third transmission of the real-time protocol (the transmission of the message $x_L$) is omitted, and instead the challenge ($m$) is required to have some agreed-upon pattern or "color". After decryption of the message transmitting $m$ (using the conventional cipher with key $x_R$), party $i$ verifies that the expected pattern is present. Party $i$ aborts the protocol if the expected pattern is not present. This completes the authentication of the network side $j$ by the terminal $i$. The remainder of the protocol executes as previously stated.
This protocol achieves full-fledged public key two-way authentication plus session key agreement, which is inseparable from the authentication process. All this is done at a cost of three on-line large multiplications for the computationally weak side (plus a few hundred off-line large multiplications, and potentially around 100 bytes of added memory). In comparison, RSA achieves this level of security at the cost of a few hundred large on-line (real-time) multiplications on both sides. For PCS handsets, this difference is crucial. Even for ADSI terminals, which do not have problems of power or space, this is important, because the complexity of the proposed protocol is low enough to provide good real-time performance without requiring a high-performance processor such as a Digital Signal Processor or special modular exponentiation circuitry in the terminal. Such a processor, which is required for adequate real-time performance with RSA, could increase the cost of a terminal by as much as $100.
For an 8-bit micro-controller which would be expected to be present in PCS handsets and ADSI terminals, computation of a single modular multiplication takes on the order of 0.1 seconds. Analysis of this protocol shows that the handset or terminal must perform only 3 modular multiplications in real time, requiring around 0.3 seconds processing time. (Compare this with roughly 20 seconds for RSA). Processing time in the network side can be assumed negligible because the network is assumed to be computationally strong. Transmission time will add to the protocol execution time. But some messages can be combined to reduce transmission time while retaining the security of the protocol.
Note, however, that a precomputation on the order of 200 modular multiplications (20 seconds on an 8-bit micro) is required in the terminal for each execution of the protocol because the value r must change with every signature. This can be done well in advance, and the results stored for use in future transactions.
CONCLUSION
A protocol which enables session key agreement and mutual authentication between a terminal and a server has been disclosed. The protocol requires only minimal processing on one side. This makes the protocol ideal for PCS handsets, ADSI terminals, and smart cards. The protocol supports location/identity hiding which is especially important for a PCS.
Finally, the above-described embodiments of the invention are intended to be illustrative only. Numerous alternative embodiments may be devised by those skilled in the art without departing from the scope of the following claims.

Claims (37)

We claim:
1. A method for achieving mutual identification and session key agreement between a terminal and a server at the start of communication session comprising the steps of
(a) transmitting from the server to the terminal an identity $j$ of the server, public key $N_j$ of the server and a certificate $c_j$ of the server which certificate $c_j$, if valid, is congruent to $\sqrt{h(j, N_j)} \bmod N_u$ where $N_j$ is a public key of the server, $N_u$ is a public key of a central authority, and $h()$ signifies a one-way hashing function,
(b) at the terminal, verifying that said transmitted certificate $c_j$ received at the terminal satisfies $h(j, N_j) \equiv c_j^2 \bmod N_u$,
(c) at the terminal, choosing a random number $x \equiv (x_L, x_R)$ and obtaining $y \equiv x^2 \bmod N_j$ and transmitting $y$ to said server,
(d) at said server, performing the modular square root operation to obtain $x = (x_L, x_R) \equiv \sqrt{y} \bmod N_j$ by using secret keys of the server $p_j$, $q_j$, such that $N_j = p_j q_j$, and transmitting $x_L$ back to the terminal,
(e) transmitting, from the terminal to the server, an identity $i$ of the terminal, a public key $P_i$ of the terminal, and a certificate $c_i$ of the terminal which certificate $c_i$, if valid, is congruent to $\sqrt{h(i,P_i)} \bmod N_u$, wherein the identity $i$, the public key $P_i$ and the certificate $c_i$ are encrypted using $x_R$ as a session key,
(f) at the server, verifying that the received certificate $c_i$ satisfies $h(i,P_i) \equiv c_i^2 \bmod N_u$,
(g) computing at the terminal a signature $S(m)$ based on a challenge message $m$ sent by the server by applying an asymmetric signature operation to said challenge message $m$, and transmitting the signature to the server in encrypted form using $x_R$ as a session key, and
(h) verifying the signature at the server.
2. The method of claim 1 wherein said signature s(m) is given by the ordered pair $(v,w)$ for which:
$$P_i^{v} \, v^{w} \equiv \alpha^{m} \bmod N_S$$
where
$P_i$ is said public key of the terminal,
$N_S$ is a signature modulus which is a prime number or the product of two prime numbers,
$\alpha$ is a generator in the maximal cyclic subgroup of the multiplicative group of integers modulo $N_S$, $Z^*_{N_S}$.
3. The method of claim 2 wherein said step of evaluating a signature s(m) on a message $m$ comprises
performing the real time operation
$$w = (m - S_i v) \cdot r^{-1} \bmod \varphi(N_S)$$
where $r$ is a predetermined number, $v \equiv \alpha^{r} \bmod N_S$, $\varphi(N)$ is the Euler totient function, and $\gcd(r,\varphi(N))=1$.
4. The method of claim 3 wherein the value of $r$ is chosen randomly each time the terminal evaluates a signature.
5. The method of claim 3 wherein a terminal $i$ has a separate signature modulus $N_{iS}$ and wherein the certificate of the terminal $i$ is of the form $c_i = \sqrt{h(i, P_i, N_{iS})} \bmod N_u$.
6. The method of claim 1 wherein said signature operation is an ElGamal signature operation.
7. The method of claim 1 wherein said signature S(m) is computed according to the National Institute of Standards and Technology Digital Signature Standard Algorithm.
8. The method of claim 1 wherein said communication session is aborted if the certificate $c_j$ received at said terminal does not satisfy $c_j^2 \bmod N_u = h(j,N_j)$.
9. The method of claim 1 wherein said communication session is aborted if the certificate $c_j$ received at the server does not satisfy $c_i^2 \bmod N_u = h(i,P_i)$.
10. The method of claim 1 wherein said terminal is a terminal of a portable communications system and said server is a port control unit of said portable communication system.
11. The method of claim 10 wherein said terminal is a portable telephone.
12. The method of claim 1 wherein the terminal is a smart card and the server is a smart card base unit.
13. The method of claim 1 wherein the terminal is an Analog Display Service Interface (ADSI) terminal and said server is an ADSI network cryptoserver.
14. The method of claim 1 wherein said terminal is computationally weaker than said server.
15. The method of claim 13 wherein said initialization step further comprises selecting said secret key $S_i$ and generating the corresponding public key $P_i$, forming the certificate $c_i$ at the central authority and transmitting the certificate $c_i$ to the terminal, and transmitting the public key $N_u$ of the central authority to the terminal.
16. The method of claim 1 wherein prior to any communication session said server is initialized by selecting for the server its secret key $p_j$, $q_j$ and its public key $N_j = p_j q_j$, transmitting the public key $N_j$ to the central authority, forming the certificate $c_j$ at the central authority and transmitting the certificate $c_j$ to the server, and transmitting said public key $N_u$ from said central authority to said server and storing the key $N_u$ at said server.
17. The method of claim 1 further comprising the step of, at the server, identifying the proper root when computing $\sqrt{y} \bmod N_j$ by providing said random number with color.
18. A method for achieving mutual authentication and session key agreement between a server and a terminal comprising the steps of
(a) transmitting a certificate of said server from said server to said terminal,
(b) verifying the authenticity of said certificate of said server at said terminal,
(c) distributing a session key to said terminal and server by selecting a random number x at said terminal, encrypting said number x at said terminal by performing at said terminal an asymmetric public key operation which can only be inverted with the knowledge of a secret key of said server,
(d) transmitting said number x in encrypted form from said terminal to said server and inverting said operation using said secret key of said server to obtain x at said server,
(e) transmitting a certificate of said terminal from said terminal to said server encrypted using a session key, wherein said session key is based on said number x,
(f) verifying the authenticity of said terminal certificate at said server,
(g) evaluating a signature S(m) of a message m at said terminal using an asymmetric signature operation, and
(h) transmitting the signature to said server in encrypted form using said session key and inverting the signature operation at said server.
19. The method of claim 18 wherein said step (a) comprises transmitting from said server to said terminal an identity $j$ of said server, a public key $N_j$ of said server and a certificate $c_j$ which if valid is of the form $c_j \equiv \sqrt{h(j,N_j)} \bmod N_u$ where $N_u$ is a public key of a central authority.
20. The method of claim 19 wherein said step (b) comprises determining if $h(j,N_j) \equiv c_j^2 \bmod N_u$.
21. The method of claim 18 wherein said asymmetric public key operation is $y \equiv c_j^2 \bmod N_j$, where $N_j$ is a public key of the server.
22. The method of claim 21 wherein $s = (x_L, x_R)$, wherein $x_R$ is said session key, and wherein $x$ is provided with color which is used at said server to identify the proper root of $x^2 \bmod N_j$.
23. The method of claim 18 wherein said step (e) comprises transmitting an identity $i$ of said terminal, a public key $P_i$ of said terminal and a certificate $c_i$ of said terminal which if valid is of the form $c_i \equiv \sqrt{h(i,P_i)} \bmod N_u$.
24. The method of claim 23 wherein said step (f) comprises determining if $h(i,P_i) \equiv c_i^2 \bmod N_u$.
25. The method of claim 18 wherein said signature operation is an ElGamal signature operation.
26. A method for achieving mutual authentication and session key agreement between a first party and a second party at the start of a communication session comprising the steps of
(a) distributing a session key between said parties by selecting a random number at said first party, encrypting said random number using an asymmetric public key encryption operation, transmitting the encrypted random number to the second party, and inverting said encryption operation at said second party to obtain said random number, and
(b) at said first party, performing an asymmetric signature operation on a message m to obtain a signature S(m), encrypting said signature S(m) using an encipherment function and a session key which is based on said random number, and transmitting the encrypted signature S(m) to said second party, and at said second party, decrypting said signature S(m) and inverting said signature operation.
27. The method of claim 26 wherein said public key encryption operation comprises squaring said random number utilizing only a single modular multiplication at said first party.
28. The method of claim 26 wherein said signature operation is an ElGamal signature operation which utilizes only a single real time modular multiplication at said first party.
29. The method of claim 26 further comprising the step of authenticating a certificate of said second party at said first party by performing only a single modular multiplication at said first party.
30. The method of claim 26 further comprising the step of authenticating a certificate of said first party at said second party.
31. The method of claim 26 wherein said second party has more computational resources than said first party.
32. The method of claim 31 wherein the terminal is an Analog Display Server Interface (ADSI) and the server is an ADSI network crypto server.
33. The method of claim 26 wherein said first party is a terminal of a portable communication system and the second party is a port control unit of the portable communication system.
34. The method of claim 26 wherein the first party is a terminal and the second party is a server.
35. The method of claim 34 wherein said terminal is a smart card and said server is a smart card base unit.
36. The method of claim 26 wherein the first party is a server and the second party is a terminal or workstation.
37. A method for achieving mutual authentication and session key agreement between first and second parties communicating via a communication medium comprising:
(a) transmitting a certificate of said second party for said second party to said first party,
(b) verifying the authenticity of said certificate of said second party at said first party,
(c) distributing a session key to said first and second parties by selecting a random number x at said first party, encrypting said number x at said first party by performing at said first party an asymmetric public key operation which can only be inverted with the knowledge of a secret key of said second party,
(d) transmitting said number x in encrypted form from said first party to said second party and inverting said operation using said secret key of said second party,
(e) transmitting a certificate of said first party from said first party to said second party encrypted using a session key based on said number x,
(f) verifying the authenticity of said certificate of said first party at said second party,
(g) evaluating a signature S(m) of a message m at said first party using an asymmetric signature operation,
(h) transmitting the signature to said second party in encrypted form using said session key and inverting the signature operation at the second party.
US08/026,673, priority date 1993-03-04, filing date 1993-03-04: Two-way public key authentication and key agreement for low-cost terminals. Expired - Lifetime. US5299263A (en)

Priority Applications (7)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US08/026,673, US5299263A (en) | 1993-03-04 | 1993-03-04 | Two-way public key authentication and key agreement for low-cost terminals |
| US08/101,437, US5406628A (en) | 1993-03-04 | 1993-08-02 | Public key authentication and key agreement for low-cost terminals |
| CA002157011A, CA2157011C (en) | 1993-03-04 | 1994-02-25 | Method for two-way public key authentication and key agreement for low-cost terminals |
| EP94909772A, EP0691055B1 (en) | 1993-03-04 | 1994-02-25 | Two-way public key authentication and key agreement for low-cost terminals |
| JP6520043A, JPH08507619A (en) | 1993-03-04 | 1994-02-25 | Two-way public key verification and key matching for low cost terminals |
| DE69426416T, DE69426416T2 (en) | 1993-03-04 | 1994-02-25 | BIDIRECTIONAL AUTHENTICATION WITH PUBLIC KEY AND KEY AGREEMENT FOR COST-EFFECTIVE TERMINALS |
| PCT/US1994/001968, WO1994021067A1 (en) | 1993-03-04 | 1994-02-25 | Two-way public key authentication and key agreement for low-cost terminals |

Applications Claiming Priority (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US08/026,673, US5299263A (en) | 1993-03-04 | 1993-03-04 | Two-way public key authentication and key agreement for low-cost terminals |

Related Child Applications (1)

| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US08/101,437, Continuation-In-Part, US5406628A (en) | Public key authentication and key agreement for low-cost terminals | 1993-03-04 | 1993-08-02 |

Publications (1)

| Publication Number | Publication Date |
|---|---|
| US5299263A (en) | 1994-03-29 |

Family

ID=21833192

Family Applications (2)

| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US08/026,673, Expired - Lifetime, US5299263A (en) | Two-way public key authentication and key agreement for low-cost terminals | 1993-03-04 | 1993-03-04 |
| US08/101,437, Expired - Lifetime, US5406628A (en) | Public key authentication and key agreement for low-cost terminals | 1993-03-04 | 1993-08-02 |

Family Applications After (1)

| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US08/101,437, Expired - Lifetime, US5406628A (en) | Public key authentication and key agreement for low-cost terminals | 1993-03-04 | 1993-08-02 |

Country Status (6)

| Country | Link |
|---|---|
| US (2) | US5299263A (en) |
| EP (1) | EP0691055B1 (en) |
| JP (1) | JPH08507619A (en) |
| CA (1) | CA2157011C (en) |
| DE (1) | DE69426416T2 (en) |
| WO (1) | WO1994021067A1 (en) |

KR20030008453A (en)*2001-07-182003-01-29주식회사 더블유에스랩Method of inter-authentication and security service using user-password in SMS for CDMA network
US6526506B1 (en)1999-02-252003-02-25Telxon CorporationMulti-level encryption access point for wireless network
US6532451B1 (en)1998-03-232003-03-11Novell, Inc.Nested strong loader apparatus and method
US20030065956A1 (en)*2001-09-282003-04-03Abhijit BelapurkarChallenge-response data communication protocol
US20030115144A1 (en)*1994-11-232003-06-19Stefik Mark J.Digital work structure
US6615350B1 (en)1998-03-232003-09-02Novell, Inc.Module authentication and binding library extensions
US20030172299A1 (en)*2002-03-052003-09-11Gunter Carl A.Method and system for maintaining secure access to web server services using permissions
US20030182559A1 (en)*2002-03-222003-09-25Ian CurrySecure communication apparatus and method for facilitating recipient and sender activity delegation
US20030200447A1 (en)*2001-08-172003-10-23Lotta AlmrothIdentification system
US20030236977A1 (en)*2001-04-252003-12-25Levas Robert GeorgeMethod and system for providing secure access to applications
US20040005059A1 (en)*2001-11-052004-01-08Yoshihiko SuzukiCorrespondence education system and correspondence education method
KR20040017487A (en)*2002-08-212004-02-27이창우Authenticating method using public key cryptosystem
US6701433B1 (en)1998-03-232004-03-02Novell, Inc.Method and apparatus for escrowing properties used for accessing executable modules
US6738907B1 (en)1998-01-202004-05-18Novell, Inc.Maintaining a soft-token private key store in a distributed environment
KR20040042123A (en)*2002-11-132004-05-20주식회사 퓨쳐시스템Portable authentication apparatus and authentication method using the same
US6751735B1 (en)1998-03-232004-06-15Novell, Inc.Apparatus for control of cryptography implementations in third party applications
KR100449572B1 (en)*2002-05-222004-09-22주식회사 케이티프리텔Method and system for performing mutual authenticating between mobile terminal and server
US20040237031A1 (en)*2003-05-132004-11-25Silvio MicaliEfficient and secure data currentness systems
US20050010783A1 (en)*1995-10-242005-01-13Phil LibinAccess control
EP1496644A3 (en)*1995-04-212005-02-09Certicom Corp.Method for signature and session key generation
US20050055567A1 (en)*1995-10-022005-03-10Phil LibinControlling access to an area
US20050055548A1 (en)*1995-10-242005-03-10Silvio MicaliCertificate revocation system
US6886095B1 (en)1999-05-212005-04-26International Business Machines CorporationMethod and apparatus for efficiently initializing secure communications among wireless devices
US20050149450A1 (en)*1994-11-232005-07-07Contentguard Holdings, Inc.System, method, and device for controlling distribution and use of digital works based on a usage rights grammar
US20050154918A1 (en)*2003-11-192005-07-14David EngbergDistributed delegated path discovery and validation
US20050154879A1 (en)*2004-01-092005-07-14David EngbergBatch OCSP and batch distributed OCSP
US20050204139A1 (en)*2004-03-102005-09-15Helland Patrick J.Service broker security
US20050210263A1 (en)*2001-04-252005-09-22Levas Robert GElectronic form routing and data capture system and method
EP1601154A1 (en)*2004-05-282005-11-30Sap AgClient authentication using a challenge provider
EP1601153A3 (en)*2004-05-282006-01-04Sap AgClient authentication using a challenge provider
US20060053291A1 (en)*2004-09-072006-03-09Brown Michael KSystem and method for updating message trust status
US20060075234A1 (en)*2004-10-042006-04-06Samsung Electronics Co., Ltd.Method of authenticating device using broadcast cryptography
US20060093138A1 (en)*2004-10-292006-05-04Alain DurandSecure authenticated channel
US20060097843A1 (en)*2004-11-102006-05-11Phil LibinActuating a security system using a wireless device
KR100619005B1 (en)*1999-11-252006-08-31삼성전자주식회사Authentication method for establishing connection between devices
US7117180B1 (en)1994-11-232006-10-03Contentguard Holdings, Inc.System for controlling the use of digital works using removable content repositories
US20060271915A1 (en)*2005-05-242006-11-30Contentguard Holdings, Inc.Usage rights grammar and digital works having usage rights created with the grammar
US20070011453A1 (en)*2005-07-072007-01-11Nokia CorporationEstablishment of a trusted relationship between unknown communication parties
US20070028952A1 (en)*2005-08-052007-02-08Outdoor Sleep System, LlcSleeping bag and system
US7215773B1 (en)1998-10-142007-05-08Certicom.Corp.Key validation scheme
US20070211893A1 (en)*2006-03-092007-09-13Motorola, Inc.Encryption and verification using partial public key
US20080005030A1 (en)*2006-06-302008-01-03Scientific-Atlanta, Inc.Secure Escrow and Recovery of Media Device Content Keys
US20080002825A1 (en)*2006-06-302008-01-03Shay GueronMethod and a system for a quick verification rabin signature scheme
US7337315B2 (en)1995-10-022008-02-26Corestreet, Ltd.Efficient certificate revocation
US7353396B2 (en)1995-10-022008-04-01Corestreet, Ltd.Physical access control
US20080098225A1 (en)*2006-10-192008-04-24Mark Wayne BaysingerSystem and method for authenticating remote server access
US20080162940A1 (en)*1995-04-212008-07-03Vanstone Scott AKey Agreement and Transport Protocol With Implicit Signatures
US20080162938A1 (en)*1995-04-212008-07-03Marinus StruikKey agreement and transport protocol
US7409704B1 (en)*1999-07-152008-08-05Telefonaktiebolaget L M Ericsson (Publ)System and method for local policy enforcement for internet service providers
US20080256358A1 (en)*2007-04-122008-10-16Xerox CorporationSystem and method for managing digital certificates on a remote device
WO2009023550A1 (en)*2007-08-142009-02-19Yeda Research & Development Co. Ltd.A method and apparatus for implementing a novel one-way hash function on highly constrained devices such as rfid tags
US20090150671A1 (en)*2007-12-062009-06-11Hiroshi AbeCommunication system and communication terminal device
US7567669B2 (en)1996-05-172009-07-28Certicom Corp.Strengthened public key protocol
US7600129B2 (en)1995-10-022009-10-06Corestreet, Ltd.Controlling access using additional data
US20100067698A1 (en)*2008-09-102010-03-18Lg Electronics Inc.Method for selectively encrypting control signal
US7716486B2 (en)1995-10-022010-05-11Corestreet, Ltd.Controlling group access to doors
US20110191129A1 (en)*2010-02-042011-08-04Netzer MoriyaRandom Number Generator Generating Random Numbers According to an Arbitrary Probability Density Function
US20110197068A1 (en)*1996-07-302011-08-11Holden James MMethods for providing security over untrusted networks
US20110213711A1 (en)*2010-03-012011-09-01Entrust, Inc.Method, system and apparatus for providing transaction verification
US8015597B2 (en)1995-10-022011-09-06Corestreet, Ltd.Disseminating additional data used for controlling access
US8204945B2 (en)2000-06-192012-06-19Stragent, LlcHash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US20120172002A1 (en)*2008-07-152012-07-05Lg Electronics Inc.Method of supporting location privacy
US8261319B2 (en)1995-10-242012-09-04Corestreet, Ltd.Logging access attempts to an area
US20130227290A1 (en)*2012-02-272013-08-29Kabushiki Kaisha ToshibaCommunication Apparatus and Communication Method
US8621227B2 (en)2010-12-282013-12-31Authernative, Inc.System and method for cryptographic key exchange using matrices
US8656484B2 (en)2010-12-282014-02-18Authernative, Inc.System and method for mutually authenticated cryptographic key exchange using matrices
US20140235207A1 (en)*2000-05-262014-08-21Ipcom Gmbh & Co. KgMethod for cryptographically verifiable identification of a physical unit in a public, wireless telecommunications network
US20150195275A1 (en)*2010-10-062015-07-09Prima Cinema, Inc.Secure device authentication protocol
EP2940883A3 (en)*2014-04-292016-01-27LSIS Co., Ltd.Power system
US9277295B2 (en)2006-06-162016-03-01Cisco Technology, Inc.Securing media content using interchangeable encryption key
WO2017065903A1 (en)*2015-10-142017-04-20Sony Interactive Entertainment America LlcFast multicast messaging encryption and authentication
US20170366349A1 (en)*2016-06-162017-12-21International Business Machines CorporationProofs of Plaintext Knowledge and Group Signatures Incorporating Same
US9973342B2 (en)*2016-06-162018-05-15International Business Machines CorporationAuthentication via group signatures
US10205598B2 (en)*2015-05-032019-02-12Ronald Francis Sulpizio, JR.Temporal key generation and PKI gateway
US10339278B2 (en)2015-11-042019-07-02Screening Room Media, Inc.Monitoring nearby mobile computing devices to prevent digital content misuse
US10452819B2 (en)2017-03-202019-10-22Screening Room Media, Inc.Digital credential system
USRE49334E1 (en)2005-10-042022-12-13Hoffberg Family Trust 2Multifactorial optimization system and method

Families Citing this family (73)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US7028187B1 (en)*1991-11-152006-04-11Citibank, N.A.Electronic transaction apparatus for electronic commerce
US5493614A (en)*1994-05-031996-02-20Chaum; DavidPrivate signature and proof systems
US5588060A (en)*1994-06-101996-12-24Sun Microsystems, Inc.Method and apparatus for a key-management scheme for internet protocols
US5787175A (en)*1995-10-231998-07-28Novell, Inc.Method and apparatus for collaborative document control
US5999626A (en)*1996-04-161999-12-07Certicom Corp.Digital signatures on a smartcard
US6901509B1 (en)1996-05-142005-05-31Tumbleweed Communications Corp.Apparatus and method for demonstrating and confirming the status of a digital certificates and other data
US5903651A (en)*1996-05-141999-05-11Valicert, Inc.Apparatus and method for demonstrating and confirming the status of a digital certificates and other data
US5841864A (en)*1996-08-051998-11-24Motorola Inc.Apparatus and method for authentication and session key exchange in a communication system
US6377691B1 (en)*1996-12-092002-04-23Microsoft CorporationChallenge-response authentication and key exchange for a connectionless security protocol
US6154541A (en)*1997-01-142000-11-28Zhang; Jinglong FMethod and apparatus for a robust high-speed cryptosystem
DE19702049C1 (en)*1997-01-221998-05-14IbmChipcard cryptographic key certification method
US6125185A (en)*1997-05-272000-09-26Cybercash, Inc.System and method for encryption key generation
JP3595109B2 (en)*1997-05-282004-12-02日本ユニシス株式会社 Authentication device, terminal device, authentication method in those devices, and storage medium
EP0892520A3 (en)1997-07-172001-10-17Matsushita Electric Industrial Co., Ltd.Elliptic curve calculation apparatus capable of calculating multiples at high speed
US6073237A (en)*1997-11-062000-06-06Cybercash, Inc.Tamper resistant method and apparatus
US6151676A (en)*1997-12-242000-11-21Philips Electronics North America CorporationAdministration and utilization of secret fresh random numbers in a networked environment
CA2255285C (en)*1998-12-042009-10-13Certicom Corp.Enhanced subscriber authentication protocol
US6804778B1 (en)*1999-04-152004-10-12Gilian Technologies, Ltd.Data quality assurance
DE60029217T2 (en)*1999-05-212007-05-31International Business Machines Corp. METHOD AND DEVICE FOR INITIALIZING SAFE CONNECTIONS BETWEEN AND BETWEEN ONLY CUSTOMIZED CORDLESS EQUIPMENT
WO2001013201A2 (en)*1999-08-122001-02-22Sarnoff CorporationPeer-to-peer network user authentication protocol
AU2424401A (en)*1999-11-032001-05-14Motorola, Inc.A method for validating an application for use in a mobile communication device
US7076061B1 (en)2000-02-072006-07-11Citibank, N.A.Efficient and compact subgroup trace representation (“XTR”)
US20050213758A1 (en)*2000-02-072005-09-29Lenstra Arjen KEfficient and compact subgroup trace representation ("XTR")
US7017189B1 (en)*2000-06-272006-03-21Microsoft CorporationSystem and method for activating a rendering device in a multi-level rights-management architecture
FR2821225B1 (en)*2001-02-202005-02-04Mobileway REMOTE ELECTRONIC PAYMENT SYSTEM
US7681034B1 (en)2001-12-122010-03-16Chang-Ping LeeMethod and apparatus for securing electronic data
US7921450B1 (en)2001-12-122011-04-05Klimenty VainsteinSecurity system using indirect key generation from access rules and methods therefor
US6889210B1 (en)*2001-12-122005-05-03Pss Systems, Inc.Method and system for managing security tiers
USRE41546E1 (en)2001-12-122010-08-17Klimenty VainsteinMethod and system for managing security tiers
US8065713B1 (en)2001-12-122011-11-22Klimenty VainsteinSystem and method for providing multi-location access management to secured items
US7921284B1 (en)2001-12-122011-04-05Gary Mark KinghornMethod and system for protecting electronic data in enterprise environment
US7478418B2 (en)2001-12-122009-01-13Guardian Data Storage, LlcGuaranteed delivery of changes to security policies in a distributed system
US7631184B2 (en)*2002-05-142009-12-08Nicholas RyanSystem and method for imposing security on copies of secured items
US10033700B2 (en)2001-12-122018-07-24Intellectual Ventures I LlcDynamic evaluation of access rights
US7178033B1 (en)2001-12-122007-02-13Pss Systems, Inc.Method and apparatus for securing digital assets
US8006280B1 (en)2001-12-122011-08-23Hildebrand Hal SSecurity system for generating keys from access rules in a decentralized manner and methods therefor
US10360545B2 (en)2001-12-122019-07-23Guardian Data Storage, LlcMethod and apparatus for accessing secured electronic data off-line
US7565683B1 (en)2001-12-122009-07-21Weiqing HuangMethod and system for implementing changes to security policies in a distributed security system
US7562232B2 (en)*2001-12-122009-07-14Patrick ZuiliSystem and method for providing manageability to security information for secured items
US7783765B2 (en)*2001-12-122010-08-24Hildebrand Hal SSystem and method for providing distributed access control to secured documents
US7260555B2 (en)2001-12-122007-08-21Guardian Data Storage, LlcMethod and architecture for providing pervasive security to digital assets
US7380120B1 (en)2001-12-122008-05-27Guardian Data Storage, LlcSecured data format for access control
US7921288B1 (en)2001-12-122011-04-05Hildebrand Hal SSystem and method for providing different levels of key security for controlling access to secured items
US7930756B1 (en)2001-12-122011-04-19Crocker Steven ToyeMulti-level cryptographic transformations for securing digital assets
US7950066B1 (en)2001-12-212011-05-24Guardian Data Storage, LlcMethod and system for restricting use of a clipboard application
US8176334B2 (en)2002-09-302012-05-08Guardian Data Storage, LlcDocument security system that permits external users to gain access to secured files
US7748045B2 (en)*2004-03-302010-06-29Michael Frederick KenrichMethod and system for providing cryptographic document retention with off-line access
US8613102B2 (en)*2004-03-302013-12-17Intellectual Ventures I LlcMethod and system for providing document retention using cryptography
US7073068B2 (en)*2002-05-242006-07-04Lucent Technologies Inc.Method and apparatus for distributing shares of a password for use in multi-server password authentication
US20030233584A1 (en)*2002-06-142003-12-18Microsoft CorporationMethod and system using combinable computational puzzles as challenges to network entities for identity check
KR100456624B1 (en)*2002-08-092004-11-10한국전자통신연구원Authentication and key agreement scheme for mobile network
US20040203868A1 (en)*2002-08-142004-10-14Eidson John C.Measurement authentication
US7221757B2 (en)*2002-08-152007-05-22Opentv, Inc.Method and system for accelerated data encryption
US7512810B1 (en)2002-09-112009-03-31Guardian Data Storage LlcMethod and system for protecting encrypted files transmitted over a network
US7836310B1 (en)2002-11-012010-11-16Yevgeniy GutnikSecurity system that uses indirect password-based encryption
US7577838B1 (en)2002-12-202009-08-18Alain RossmannHybrid systems for securing digital assets
US7890990B1 (en)2002-12-202011-02-15Klimenty VainsteinSecurity system with staging capabilities
US8707034B1 (en)2003-05-302014-04-22Intellectual Ventures I LlcMethod and system for using remote headers to secure electronic files
US20040250073A1 (en)*2003-06-032004-12-09Cukier Johnas I.Protocol for hybrid authenticated key establishment
US7730543B1 (en)2003-06-302010-06-01Satyajit NathMethod and system for enabling users of a group shared across multiple file security systems to access secured files
US7555558B1 (en)2003-08-152009-06-30Michael Frederick KenrichMethod and system for fault-tolerant transfer of files across a network
US7703140B2 (en)2003-09-302010-04-20Guardian Data Storage, LlcMethod and system for securing digital assets using process-driven security policies
US8127366B2 (en)2003-09-302012-02-28Guardian Data Storage, LlcMethod and apparatus for transitioning between states of security policies used to secure electronic documents
US7702909B2 (en)*2003-12-222010-04-20Klimenty VainsteinMethod and system for validating timestamps
WO2005109734A1 (en)*2004-05-102005-11-17Koninklijke Philips Electronics N.V.Personal communication apparatus capable of recording transactions secured with biometric data
US7707427B1 (en)2004-07-192010-04-27Michael Frederick KenrichMulti-level file digests
WO2007020566A1 (en)*2005-08-192007-02-22Nxp B.V.Circuit arrangement for and method of performing an inversion operation in a cryptographic calculation
US8265265B2 (en)*2005-08-192012-09-11Nxp B.V.Circuit arrangement and method for RSA key generation
GB0613235D0 (en)*2006-07-042006-08-09Maidsafe Net LtdFile system authentication
US8090954B2 (en)*2007-03-162012-01-03Microsoft CorporationPrevention of unauthorized forwarding and authentication of signatures
US8689003B2 (en)2007-06-012014-04-01Adobe Systems IncorporatedSystem and method for secure password-based authentication
US8117447B2 (en)*2008-01-102012-02-14Industrial Technology Research InstituteAuthentication method employing elliptic curve cryptography
CN110035071A (en)*2019-03-262019-07-19南瑞集团有限公司A kind of long-range double factor mutual authentication method, client and server-side towards industrial control system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US4453074A (en)* | 1981-10-19 | 1984-06-05 | American Express Company | Protection system for intelligent cards
US4723284A (en)* | 1983-02-14 | 1988-02-02 | Prime Computer, Inc. | Authentication system
US4799258A (en)* | 1984-02-13 | 1989-01-17 | National Research Development Corporation | Apparatus and methods for granting access to computers
US4876716A (en)* | 1986-08-22 | 1989-10-24 | Nec Corporation | Key distribution method
US4935962A (en)* | 1988-05-19 | 1990-06-19 | Ncr Corporation | Method and system for authentication
US4969189A (en)* | 1988-06-25 | 1990-11-06 | Nippon Telegraph & Telephone Corporation | Authentication system and apparatus therefor

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US4759063A (en)* | 1983-08-22 | 1988-07-19 | Chaum David L | Blind signature systems
US4885777A (en)* | 1985-09-04 | 1989-12-05 | Hitachi, Ltd. | Electronic transaction system
US5218637A (en)* | 1987-09-07 | 1993-06-08 | L'etat Francais Represente Par Le Ministre Des Postes, Des Telecommunications Et De L'espace | Method of transferring a secret, by the exchange of two certificates between two microcomputers which establish reciprocal authorization
US5016274A (en)* | 1988-11-08 | 1991-05-14 | Silvio Micali | On-line/off-line digital signing
US5222140A (en)* | 1991-11-08 | 1993-06-22 | Bell Communications Research, Inc. | Cryptographic method for key agreement and user authentication

Non-Patent Citations (22)

* Cited by examiner, † Cited by third party
Title
A. Fiat et al., How to Prove Yourself: Practical Solutions to Identification and Signature Problems, Proceedings of CRYPTO 86, A. M. Odlyzko, Ed., LNCS 263, pp. 186 194, 1987.*
A. Fiat et al., How to Prove Yourself: Practical Solutions to Identification and Signature Problems, Proceedings of CRYPTO '86, A. M. Odlyzko, Ed., LNCS 263, pp. 186-194, 1987.
A. Shamir, An Efficient Identification Scheme Based on Permuted Kernels, Proceedings of CRYPTO 89, G. Brassard, Ed., LNCS 435, pp. 606 609, Apr. 1989.*
A. Shamir, An Efficient Identification Scheme Based on Permuted Kernels, Proceedings of CRYPTO '89, G. Brassard, Ed., LNCS 435, pp. 606-609, Apr. 1989.
A. Shimizu et al., FEAL Fast Data Encipherment Algorithm, Systems and Computers in Japan, vol. 19, No. 7, pp. 20 34, 1988.*
A. Shimizu et al., FEAL-Fast Data Encipherment Algorithm, Systems and Computers in Japan, vol. 19, No. 7, pp. 20-34, 1988.
C. P. Schnorr, Efficient Signature Generation by Smart Cards, Journal of Cryptology, vol. 4, No. 3, pp. 161 174, Mar. 1991.*
C. P. Schnorr, Efficient Signature Generation by Smart Cards, Journal of Cryptology, vol. 4, No. 3, pp. 161-174, Mar. 1991.
M. O. Rabin, Digitalized Signatures and Public-Key Functions as Intractable as Factorization, MIT Laboratory for Computer Science, TR-212, Jan. 1979.*
N. Koblitz, A Course in Number Theory and Cryptography, Springer-Verlag, p. 32, 1987.*
National Bureau of Standards, Data Encryption Standard, FIPS PUB 46, 1977.*
National Bureau of Standards, Data Encryption Standard, FIPS-PUB-46, 1977.
R. C. Rivest et al., A Method for Obtaining Digital Signatures and Public Key Cryptosystems, Communications of the ACM, vol. 21, No. 2, pp. 120 126, Feb. 1978.*
R. C. Rivest et al., A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, vol. 21, No. 2, pp. 120-126, Feb. 1978.
S. Even et al. On Line/Off Line Digital Signatures, in Advances in Cryptology CRYPTO 89 Proceedings, G. Brassard (ed.), Lecture Notes in Computer Science, vol. 435, Springer Verlag, pp. 263 275, 1990.*
S. Even et al. On-Line/Off-Line Digital Signatures, in Advances in Cryptology-CRYPTO '89 Proceedings, G. Brassard (ed.), Lecture Notes in Computer Science, vol. 435, Springer-Verlag, pp. 263-275, 1990.
S. Goldwasser et al., A Digital Signature Scheme Secured Against Adaptive Chosen Message Attacks, SIAM J. COMPUT., vol. 17, No. 2, pp. 281 308, Apr. 1988.*
S. Goldwasser et al., A Digital Signature Scheme Secured Against Adaptive Chosen-Message Attacks, SIAM J. COMPUT., vol. 17, No. 2, pp. 281-308, Apr. 1988.
S. Miyaguchi, The FEAL Cipher Family, Proceedings of CRYPTO 90, Santa Barbara, Calif., Aug. 1990.*
S. Miyaguchi, The FEAL Cipher Family, Proceedings of CRYPTO '90, Santa Barbara, Calif., Aug. 1990.
T. Elgamal, A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms, IEEE Trans. on Info. Theory, vol. IT 31, No. 4, pp. 469 472, Jul. 1985.*
T. Elgamal, A Public Key Cryptosystem and a Signature Scheme Based on Discrete Logarithms, IEEE Trans. on Info. Theory, vol. IT-31, No. 4, pp. 469-472, Jul. 1985.

Cited By (290)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US5475758A (en)*1993-01-221995-12-12Fujitsu LimitedUser authenticating system and method in wide area distributed environment
US5414772A (en)*1993-06-231995-05-09Gemplus DevelopmentSystem for improving the digital signature algorithm
US6185416B1 (en)1993-06-292001-02-06Cellco PartnershipMethod and apparatus for fraud control in cellular telephone systems
US5950121A (en)*1993-06-291999-09-07Airtouch Communications, Inc.Method and apparatus for fraud control in cellular telephone systems
US5555551A (en)*1993-06-291996-09-10Airtouch Communications, Inc.Method and apparatus for fraud control in cellular telephone systems
US6219538B1 (en)1993-06-292001-04-17Cellco PartnershipMethod and apparatus for fraud control in cellular telephone systems
US5600725A (en)*1993-08-171997-02-04R3 Security Engineering AgDigital signature method and key agreement method
US5497422A (en)*1993-09-301996-03-05Apple Computer, Inc.Message protection mechanism and graphical user interface therefor
US5600722A (en)*1993-10-061997-02-04Nippon Telegraph & Telephone Corp.System and scheme of cipher communication
US5491749A (en)*1993-12-301996-02-13International Business Machines CorporationMethod and apparatus for entity authentication and key distribution secure against off-line adversarial attacks
US5491750A (en)*1993-12-301996-02-13International Business Machines CorporationMethod and apparatus for three-party entity authentication and key distribution using message authentication codes
WO1996025814A1 (en)*1994-01-111996-08-22David ChaumMulti-purpose transaction card system
US6434238B1 (en)1994-01-112002-08-13Infospace, Inc.Multi-purpose transaction card system
WO1995021495A1 (en)*1994-02-011995-08-10Silvio MicaliMethod for certifying public keys in a digital signature scheme
US5420927A (en)*1994-02-011995-05-30Micali; SilvioMethod for certifying public keys in a digital signature scheme
US5511121A (en)*1994-02-231996-04-23Bell Communications Research, Inc.Efficient electronic money
DE4416253B4 (en)*1994-05-072005-09-22Deutsche Telekom Ag Method for distributing key information in a manner compatible with data protection
DE4416253A1 (en)*1994-05-071995-11-09Deutsche Bundespost TelekomData protection technique testing authenticity and integrity of coded information
EP0682327A3 (en)*1994-05-091999-11-03Yeda Research And Development Company, Ltd.Method and apparatus for memory efficient variants of public key encryption and identification schemes for smart card applications
US5515441A (en)*1994-05-121996-05-07At&T Corp.Secure communication method and apparatus
US5577121A (en)*1994-06-091996-11-19Electronic Payment Services, Inc.Transaction system for integrated circuit cards
US6026167A (en)*1994-06-102000-02-15Sun Microsystems, Inc.Method and apparatus for sending secure datagram multicasts
US5557678A (en)*1994-07-181996-09-17Bell Atlantic Network Services, Inc.System and method for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem
US5838792A (en)*1994-07-181998-11-17Bell Atlantic Network Services, Inc.Computer system for centralized session key distribution, privacy enhanced messaging and information distribution using a split private key public cryptosystem
US5748735A (en)*1994-07-181998-05-05Bell Atlantic Network Services, Inc.Securing E-mail communications and encrypted file storage using yaksha split private key asymmetric cryptography
US5588061A (en)*1994-07-201996-12-24Bell Atlantic Network Services, Inc.System and method for identity verification, forming joint signatures and session key agreement in an RSA public cryptosystem
US5905799A (en)*1994-07-201999-05-18Bell Atlantic Network Services, Inc.Programmed computer for identity verification, forming joint signatures and session key agreement in an RSA public cryptosystem
US5745573A (en)*1994-08-111998-04-28Trusted Information Systems, Inc.System and method for controlling access to a user secret
US5991406A (en)*1994-08-111999-11-23Network Associates, Inc.System and method for data recovery
US5956403A (en)*1994-08-111999-09-21Network Association, Inc.System and method for access field verification
US5557765A (en)*1994-08-111996-09-17Trusted Information Systems, Inc.System and method for data recovery
US5606609A (en)*1994-09-191997-02-25Scientific-AtlantaElectronic document verification system and method
US5633930A (en) * | 1994-09-30 | 1997-05-27 | Electronic Payment Services, Inc. | Common cryptographic key verification in a transaction network
US5559887A (en) * | 1994-09-30 | 1996-09-24 | Electronic Payment Service | Collection of value from stored value systems
US5737419A (en) * | 1994-11-09 | 1998-04-07 | Bell Atlantic Network Services, Inc. | Computer system for securing communications using split private key asymmetric cryptography
US9953328B2 (en) | 1994-11-23 | 2018-04-24 | Contentguard Holdings, Inc. | Method and system for conducting transactions between repositories
US20030115144A1 (en) * | 1994-11-23 | 2003-06-19 | Stefik Mark J. | Digital work structure
US20040073513A1 (en) * | 1994-11-23 | 2004-04-15 | Contentguard Holdings, Inc. | Method and system for conducting transactions between repositories
US20040064417A1 (en) * | 1994-11-23 | 2004-04-01 | Xerox Corporation | Method for controlling use of database content
US7970709B2 (en) | 1994-11-23 | 2011-06-28 | Contentguard Holdings, Inc. | Method and apparatus for client customization by executing software parts on plural servers
US7809644B2 (en) | 1994-11-23 | 2010-10-05 | Contentguard Holdings, Inc. | Digital work structure
US6928419B2 (en) | 1994-11-23 | 2005-08-09 | Contentguard Holdings, Inc. | Method and apparatus for repackaging portions of digital works as new digital works
US20100212027A1 (en) * | 1994-11-23 | 2010-08-19 | Contentguard Holdings, Inc. | System and method for rendering content associated with a digital work
US7024392B2 (en) | 1994-11-23 | 2006-04-04 | Contentguard Holdings, Inc. | Method for controlling use of database content
US7269576B2 (en) | 1994-11-23 | 2007-09-11 | Contentguard Holdings, Inc. | Content rendering apparatus
US20040015446A1 (en) * | 1994-11-23 | 2004-01-22 | Contentguard Holdings, Inc. | Usage rights grammar and digital works having usage rights created with the grammar
US7043453B2 (en) | 1994-11-23 | 2006-05-09 | Contentguard Holdings, Inc. | Method and system for conducting transactions between repositories using a repository transaction protocol
US20020128972A1 (en) * | 1994-11-23 | 2002-09-12 | Contentguard Holdings, Inc. | Digital works having usage rights and method for creating the same
US20060106722A1 (en) * | 1994-11-23 | 2006-05-18 | Contentguard Holdings, Inc. | Usage rights grammar and digital works having usage rights created with the grammar
US20030225698A1 (en) * | 1994-11-23 | 2003-12-04 | Contentguard Holdings, Inc. | Method and apparatus for executing code in accordance with usage rights
US20040107166A1 (en) * | 1994-11-23 | 2004-06-03 | Contentguard Holding, Inc. | Usage rights grammar and digital works having usage rights created with the grammar
US20060167801A1 (en) * | 1994-11-23 | 2006-07-27 | Contentguard Holdings, Inc. | Method and apparatus for client customization by executing software parts on plural servers
US7523072B2 (en) | 1994-11-23 | 2009-04-21 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works
US20060190404A1 (en) * | 1994-11-23 | 2006-08-24 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works
US6898576B2 (en) | 1994-11-23 | 2005-05-24 | Contentguard Holdings, Inc. | Method and apparatus for executing code in accordance with usage rights
US7117180B1 (en) | 1994-11-23 | 2006-10-03 | Contentguard Holdings, Inc. | System for controlling the use of digital works using removable content repositories
US6925448B2 (en) | 1994-11-23 | 2005-08-02 | Contentguard Holdings, Inc. | Usage rights grammar and digital works having usage rights created with the grammar
US20030167236A1 (en) * | 1994-11-23 | 2003-09-04 | Contentguard Holdings, Inc. | Method and apparatus for repackaging portions of digital works as new digital works
US6920436B2 (en) | 1994-11-23 | 2005-07-19 | Contentguard Holdings, Inc. | Digital work structure
US6910022B2 (en) | 1994-11-23 | 2005-06-21 | Contentguard Holdings, Inc. | Usage rights grammar and digital works having usage rights created with the grammar
US7389270B2 (en) | 1994-11-23 | 2008-06-17 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works
EP1349044A3 (en) * | 1994-11-23 | 2004-10-27 | ContentGuard Holdings, Inc. | System for controlling the distribution and use of digital works using digital tickets
US20050149450A1 (en) * | 1994-11-23 | 2005-07-07 | Contentguard Holdings, Inc. | System, method, and device for controlling distribution and use of digital works based on a usage rights grammar
US6934693B2 (en) | 1994-11-23 | 2005-08-23 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works
US7225160B2 (en) | 1994-11-23 | 2007-05-29 | Contentguard Holdings, Inc. | Digital works having usage rights and method for creating the same
US7260556B2 (en) | 1994-11-23 | 2007-08-21 | Contentguard Holdings, Inc. | Content rendering device with usage rights
US7266529B2 (en) | 1994-11-23 | 2007-09-04 | Contentguard Holdings, Inc. | Method and apparatus for executing code in accordance with usage rights
US6272632B1 (en) | 1995-02-21 | 2001-08-07 | Network Associates, Inc. | System and method for controlling access to a user secret using a key recovery field
US8090947B2 (en) | 1995-04-21 | 2012-01-03 | Certicom Corp. | Key agreement and transport protocol with implicit signatures
US7779259B2 (en) | 1995-04-21 | 2010-08-17 | Certicom Corp. | Key agreement and transport protocol with implicit signatures
US20080162940A1 (en) * | 1995-04-21 | 2008-07-03 | Vanstone Scott A | Key Agreement and Transport Protocol With Implicit Signatures
US20080162938A1 (en) * | 1995-04-21 | 2008-07-03 | Marinus Struik | Key agreement and transport protocol
US20100281259A1 (en) * | 1995-04-21 | 2010-11-04 | Certicom Corp. | Key agreement and transport protocol with implicit signatures
US8578165B2 (en) | 1995-04-21 | 2013-11-05 | Certicom Corp. | Key agreement and transport protocol
US8892890B2 (en) | 1995-04-21 | 2014-11-18 | Certicom Corp. | Key agreement and transport protocol
US5761305A (en) * | 1995-04-21 | 1998-06-02 | Certicom Corporation | Key agreement and transport protocol with implicit signatures
US8209533B2 (en) | 1995-04-21 | 2012-06-26 | Certicom Corp. | Key agreement and transport protocol
EP1496644A3 (en) * | 1995-04-21 | 2005-02-09 | Certicom Corp. | Method for signature and session key generation
US5896455A (en) * | 1995-05-17 | 1999-04-20 | Certicom Corporation | Key agreement and transport protocol with implicit signatures
US5889865A (en) * | 1995-05-17 | 1999-03-30 | Certicom Corp. | Key agreement and transport protocol with implicit signatures
US5933504A (en) * | 1995-05-18 | 1999-08-03 | Certicom Corp. | Strengthened public key protocol
US6563928B1 (en) | 1995-05-18 | 2003-05-13 | Certicom Corp. | Strengthened public key protocol
US5778072A (en) * | 1995-07-07 | 1998-07-07 | Sun Microsystems, Inc. | System and method to transparently integrate private key operations from a smart card with host-based encryption services
US5812669A (en) * | 1995-07-19 | 1998-09-22 | Jenkins; Lew | Method and system for providing secure EDI over an open network
US5819171A (en) * | 1995-08-31 | 1998-10-06 | Cellular Technical Services Co., Inc. | Automated forced call disruption for use with wireless telephone systems
US5757924A (en) * | 1995-09-18 | 1998-05-26 | Digital Secured Networks Techolognies, Inc. | Network security device which performs MAC address translation without affecting the IP address
US6151679A (en) * | 1995-09-18 | 2000-11-21 | Fortress Technologies Inc. Of Florida | System and method for preventing a first node from being emulated by another node
US20020165824A1 (en) * | 1995-10-02 | 2002-11-07 | Silvio Micali | Scalable certificate validation and simplified PKI management
US7337315B2 (en) | 1995-10-02 | 2008-02-26 | Corestreet, Ltd. | Efficient certificate revocation
US7716486B2 (en) | 1995-10-02 | 2010-05-11 | Corestreet, Ltd. | Controlling group access to doors
US8015597B2 (en) | 1995-10-02 | 2011-09-06 | Corestreet, Ltd. | Disseminating additional data used for controlling access
US8732457B2 (en) | 1995-10-02 | 2014-05-20 | Assa Abloy Ab | Scalable certificate validation and simplified PKI management
US7353396B2 (en) | 1995-10-02 | 2008-04-01 | Corestreet, Ltd. | Physical access control
US7822989B2 (en) | 1995-10-02 | 2010-10-26 | Corestreet, Ltd. | Controlling access to an area
US20050055567A1 (en) * | 1995-10-02 | 2005-03-10 | Phil Libin | Controlling access to an area
US7600129B2 (en) | 1995-10-02 | 2009-10-06 | Corestreet, Ltd. | Controlling access using additional data
US20050010783A1 (en) * | 1995-10-24 | 2005-01-13 | Phil Libin | Access control
US7529928B2 (en) | 1995-10-24 | 2009-05-05 | Corestreet, Ltd. | Certificate revocation system
US20050055548A1 (en) * | 1995-10-24 | 2005-03-10 | Silvio Micali | Certificate revocation system
US8261319B2 (en) | 1995-10-24 | 2012-09-04 | Corestreet, Ltd. | Logging access attempts to an area
US7660994B2 (en) | 1995-10-24 | 2010-02-09 | Corestreet, Ltd. | Access control
US6442532B1 (en) * | 1995-11-13 | 2002-08-27 | Transaction Technology Inc. | Wireless transaction and information system
US5715518A (en) * | 1996-03-06 | 1998-02-03 | Cellular Technical Services Company, Inc. | Adaptive waveform matching for use in transmitter identification
US5604804A (en) * | 1996-04-23 | 1997-02-18 | Micali; Silvio | Method for certifying public keys in a digital signature scheme
US5717759A (en) * | 1996-04-23 | 1998-02-10 | Micali; Silvio | Method for certifying public keys in a digital signature scheme
US5638447A (en) * | 1996-05-15 | 1997-06-10 | Micali; Silvio | Compact digital signatures
US5610982A (en) * | 1996-05-15 | 1997-03-11 | Micali; Silvio | Compact certification with threshold signatures
US8229113B2 (en) | 1996-05-17 | 2012-07-24 | Certicom Corp. | Strengthened public key protocol
US8983064B2 (en) | 1996-05-17 | 2015-03-17 | Certicom Corp. | Strengthened public key protocol
US20100014663A1 (en) * | 1996-05-17 | 2010-01-21 | Certicom Corp. | Strengthened public key protocol
US8953787B2 (en) | 1996-05-17 | 2015-02-10 | Certicom Corp. | Strengthened public key protocol
US7567669B2 (en) | 1996-05-17 | 2009-07-28 | Certicom Corp. | Strengthened public key protocol
US5893031A (en) * | 1996-06-27 | 1999-04-06 | Cellular Technical Services Company, Inc. | System and method for collection of transmission characteristics
US5940751A (en) * | 1996-06-27 | 1999-08-17 | Cellular Technical Services Company, Inc. | System and method for detection of fraud in a wireless telephone system
US5956635A (en) * | 1996-07-16 | 1999-09-21 | Cellular Technical Services Company, Inc. | Detection and prevention of channel grabbing in a wireless communications system
US8874768B2 (en) * | 1996-07-30 | 2014-10-28 | Round Rocks Research, LLC | Methods for providing security over untrusted networks
US20110197068A1 (en) * | 1996-07-30 | 2011-08-11 | Holden James M | Methods for providing security over untrusted networks
US5850444A (en) * | 1996-09-09 | 1998-12-15 | Telefonaktienbolaget L/M Ericsson (Publ) | Method and apparatus for encrypting radio traffic in a telecommunications network
DE19640526A1 (en) * | 1996-10-01 | 1998-04-02 | Deutsche Telekom Ag | Process for the transmission of signals
US7188361B1 (en) | 1996-10-01 | 2007-03-06 | Deutsche Telekom Ag | Method of transmitting signals
US6134431A (en) * | 1996-10-07 | 2000-10-17 | Hitachi, Ltd. | Personal station authentication system and authentication method
US5953420A (en) * | 1996-10-25 | 1999-09-14 | International Business Machines Corporation | Method and apparatus for establishing an authenticated shared secret value between a pair of users
US5924025A (en) * | 1996-10-25 | 1999-07-13 | Cellular Technical Services Company, Inc. | System and method for detection of redial fraud in a cellular telephone system
EP0845761A3 (en) * | 1996-11-21 | 2000-09-13 | Pitney Bowes Inc. | Method for verifying the expected postage security device and an authorized host system
EP0845762A3 (en) * | 1996-11-21 | 2000-10-11 | Pitney Bowes Inc. | Method for verifying the expected postal security device in a postal security device
US6260144B1 (en) | 1996-11-21 | 2001-07-10 | Pitney Bowes Inc. | Method for verifying the expected postal security device in a postage metering system
US6397328B1 (en) | 1996-11-21 | 2002-05-28 | Pitney Bowes Inc. | Method for verifying the expected postage security device and an authorized host system
EP0845760A3 (en) * | 1996-11-21 | 2000-07-26 | Pitney Bowes Inc. | Method for verifying the expected postage security device in a host system
US6058301A (en) * | 1996-11-27 | 2000-05-02 | Airtouch Communications, Inc. | Cellular fraud prevention using selective roaming
US6285871B1 (en) | 1996-11-27 | 2001-09-04 | Cellco Partnership | Cellular fraud prevention using selective roaming
WO1998026535A1 (en) * | 1996-12-12 | 1998-06-18 | Intel Corporation | Cryptographically protected paging subsystem
GB2334866A (en) * | 1996-12-12 | 1999-09-01 | Intel Corp | Cryptographically protected paging subsystem
GB2334866B (en) * | 1996-12-12 | 2001-07-18 | Intel Corp | Cryptographically protected paging subsystem
US5875394A (en) * | 1996-12-27 | 1999-02-23 | At & T Wireless Services Inc. | Method of mutual authentication for secure wireless service provision
US6240513B1 (en) * | 1997-01-03 | 2001-05-29 | Fortress Technologies, Inc. | Network security device
US6292896B1 (en) | 1997-01-22 | 2001-09-18 | International Business Machines Corporation | Method and apparatus for entity authentication and session key generation
US6178507B1 (en) * | 1997-02-03 | 2001-01-23 | Certicom Corp. | Data card verification system
US8307211B2 (en) | 1997-02-03 | 2012-11-06 | Certicom Corp. | Data card verification system
US9990796B2 (en) | 1997-02-03 | 2018-06-05 | Certicom Corp. | Data card verification system
US20020174339A1 (en) * | 1997-02-03 | 2002-11-21 | Vanstone Scott A. | Data card verification system
US7472276B2 (en) | 1997-02-03 | 2008-12-30 | Certicom Corp. | Data card verification system
US20090164792A1 (en) * | 1997-02-03 | 2009-06-25 | Vanstone Scott A | Data card verification system
US8966271B2 (en) | 1997-02-03 | 2015-02-24 | Certicom Corp. | Data card verification system
US7822987B2 (en) | 1997-02-03 | 2010-10-26 | Certicom Corp. | Data card verification system
US20110016324A1 (en) * | 1997-02-03 | 2011-01-20 | Certicom Corp. | Data card verification system
US5878122A (en) * | 1997-02-07 | 1999-03-02 | Northern Telecom Limited | Long distance service bureau
US5915021A (en) * | 1997-02-07 | 1999-06-22 | Nokia Mobile Phones Limited | Method for secure communications in a telecommunications system
US6023689A (en) * | 1997-02-07 | 2000-02-08 | Nokia Mobile Phones Limited | Method for secure communication in a telecommunications system
US5956634A (en) * | 1997-02-28 | 1999-09-21 | Cellular Technical Services Company, Inc. | System and method for detection of fraud in a wireless telephone system
US5999806A (en) * | 1997-02-28 | 1999-12-07 | Cellular Technical Services Company, Inc. | Waveform collection for use in wireless telephone identification
US5999807A (en) * | 1997-02-28 | 1999-12-07 | Cellular Technical Services Company, Inc. | System and method for the verification of authentic telephone numbers in a wireless telephone system
US5970405A (en) * | 1997-02-28 | 1999-10-19 | Cellular Technical Services Co., Inc. | Apparatus and method for preventing fraudulent calls in a wireless telephone system using destination and fingerprint analysis
US6247129B1 (en) | 1997-03-12 | 2001-06-12 | Visa International Service Association | Secure electronic commerce employing integrated circuit cards
US6134597A (en) * | 1997-05-28 | 2000-10-17 | International Business Machines Corporation | CRC hash compressed server object identifier
US6052466A (en) * | 1997-08-28 | 2000-04-18 | Telefonaktiebolaget L M Ericsson (Publ) | Encryption of data packets using a sequence of private keys generated from a public key exchange
WO1999019844A1 (en) * | 1997-10-08 | 1999-04-22 | Kutalkova Sarka | A method of communication between an external terminal of a bank account user and an internal terminal of a banking system by means of a telephone network and a device for carrying out the method
US6760843B1 (en) | 1998-01-20 | 2004-07-06 | Novell, Inc. | Maintaining a soft-token private key store in a distributed environment
US6738907B1 (en) | 1998-01-20 | 2004-05-18 | Novell, Inc. | Maintaining a soft-token private key store in a distributed environment
US6424701B1 (en) * | 1998-01-30 | 2002-07-23 | Alcatel | Method and equipment for intercepting telephone calls
US6408175B1 (en) * | 1998-03-03 | 2002-06-18 | Lg Information & Communications Ltd. | Method of managing mobile station operational parameters
US6751735B1 (en) | 1998-03-23 | 2004-06-15 | Novell, Inc. | Apparatus for control of cryptography implementations in third party applications
US6532451B1 (en) | 1998-03-23 | 2003-03-11 | Novell, Inc. | Nested strong loader apparatus and method
US20030061483A1 (en) * | 1998-03-23 | 2003-03-27 | Novell, Inc. | Nested strong loader apparatus and method
US7383442B2 (en) | 1998-03-23 | 2008-06-03 | Novell, Inc. | Nested strong loader apparatus and method
US6701433B1 (en) | 1998-03-23 | 2004-03-02 | Novell, Inc. | Method and apparatus for escrowing properties used for accessing executable modules
US6615350B1 (en) | 1998-03-23 | 2003-09-02 | Novell, Inc. | Module authentication and binding library extensions
US6405923B1 (en) | 1998-05-08 | 2002-06-18 | Giesecke & Devrient Gmbh | Method for secure distribution of data
DE19820605A1 (en) * | 1998-05-08 | 1999-11-11 | Giesecke & Devrient Gmbh | Method for secure distribution of software
US20070147607A1 (en) * | 1998-10-14 | 2007-06-28 | Johnson Donald B | Key validation scheme
US8116451B2 (en) | 1998-10-14 | 2012-02-14 | Certicom Corporation | Key validation scheme
US8594324B2 (en) | 1998-10-14 | 2013-11-26 | Certicom Corp. | Key validation scheme
US7215773B1 (en) | 1998-10-14 | 2007-05-08 | Certicom.Corp. | Key validation scheme
US6178506B1 (en) | 1998-10-23 | 2001-01-23 | Qualcomm Inc. | Wireless subscription portability
US6453159B1 (en) * | 1999-02-25 | 2002-09-17 | Telxon Corporation | Multi-level encryption system for wireless network
US6526506B1 (en) | 1999-02-25 | 2003-02-25 | Telxon Corporation | Multi-level encryption access point for wireless network
US6349338B1 (en) * | 1999-03-02 | 2002-02-19 | International Business Machines Corporation | Trust negotiation in a client/server data processing network using automatic incremental credential disclosure
US6839553B2 (en) | 1999-03-03 | 2005-01-04 | Lg Information & Communications, Ltd. | Method of managing mobile station operational parameters
US6886095B1 (en) | 1999-05-21 | 2005-04-26 | International Business Machines Corporation | Method and apparatus for efficiently initializing secure communications among wireless devices
US7409704B1 (en) * | 1999-07-15 | 2008-08-05 | Telefonaktiebolaget L M Ericsson (Publ) | System and method for local policy enforcement for internet service providers
KR100619005B1 (en) * | 1999-11-25 | 2006-08-31 | 삼성전자주식회사 | Authentication method for establishing connection between devices
US20140235207A1 (en) * | 2000-05-26 | 2014-08-21 | Ipcom Gmbh & Co. Kg | Method for cryptographically verifiable identification of a physical unit in a public, wireless telecommunications network
US9100827B2 (en) * | 2000-05-26 | 2015-08-04 | Ipcom Gmbh & Co. Kg | Method for cryptographically verifiable identification of a physical unit in a public, wireless telecommunications network
US20020107798A1 (en) * | 2000-06-08 | 2002-08-08 | Patrice Hameau | Method for making secure the pre-initialising phase of a silicon chip integrated system, in particular a smart card and integrated system therefor
US7602920B2 (en) * | 2000-06-08 | 2009-10-13 | Cp8 Technologies | Method for making secure the pre-initialising phase of a silicon chip integrated system, in particular a smart card and integrated system therefor
US8204945B2 (en) | 2000-06-19 | 2012-06-19 | Stragent, Llc | Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US8272060B2 (en) | 2000-06-19 | 2012-09-18 | Stragent, Llc | Hash-based systems and methods for detecting and preventing transmission of polymorphic network worms and viruses
US20020169988A1 (en) * | 2000-12-22 | 2002-11-14 | Vandergeest Ron J. | Method and apparatus for providing user authentication using a back channel
US7765580B2 (en) | 2000-12-22 | 2010-07-27 | Entrust, Inc. | Method and apparatus for providing user authentication using a back channel
US20020081994A1 (en) * | 2000-12-27 | 2002-06-27 | Kabushiki Kaisha Toshiba. | Communication apparatus, and authentication method of the same
US20020087481A1 (en) * | 2000-12-29 | 2002-07-04 | Shlomi Harif | System, method and program for enabling an electronic commerce heterogeneous network
US20020087483A1 (en) * | 2000-12-29 | 2002-07-04 | Shlomi Harif | System, method and program for creating and distributing processes in a heterogeneous network
US20020162019A1 (en) * | 2001-04-25 | 2002-10-31 | Berry Michael C. | Method and system for managing access to services
US20020162002A1 (en) * | 2001-04-25 | 2002-10-31 | Gunter Carl A. | Method and system for controlling access to services
US20050210263A1 (en) * | 2001-04-25 | 2005-09-22 | Levas Robert G | Electronic form routing and data capture system and method
US20020158904A1 (en) * | 2001-04-25 | 2002-10-31 | Gunter Carl A. | Method for automatically generating list of meeting participants and delegation permission
US20030236977A1 (en) * | 2001-04-25 | 2003-12-25 | Levas Robert George | Method and system for providing secure access to applications
US20050086540A1 (en) * | 2001-04-25 | 2005-04-21 | Probaris Technologies, Inc. | Method for automatically generating list of meeting participants and delegating permission
US20020162004A1 (en) * | 2001-04-25 | 2002-10-31 | Gunter Carl A. | Method and system for managing access to services
US6885388B2 (en) | 2001-04-25 | 2005-04-26 | Probaris Technologies Inc. | Method for automatically generating list of meeting participants and delegation permission
US20030005327A1 (en) * | 2001-06-29 | 2003-01-02 | Julian Durand | System for protecting copyrighted materials
WO2003003213A1 (en) * | 2001-06-29 | 2003-01-09 | Nokia Corporation | System for protecting copyrighted materials
KR20030008453A (en) * | 2001-07-18 | 2003-01-29 | 주식회사 더블유에스랩 | Method of inter-authentication and security service using user-password in SMS for CDMA network
US20030200447A1 (en) * | 2001-08-17 | 2003-10-23 | Lotta Almroth | Identification system
US20030065956A1 (en) * | 2001-09-28 | 2003-04-03 | Abhijit Belapurkar | Challenge-response data communication protocol
US20040005059A1 (en) * | 2001-11-05 | 2004-01-08 | Yoshihiko Suzuki | Correspondence education system and correspondence education method
US20030172299A1 (en) * | 2002-03-05 | 2003-09-11 | Gunter Carl A. | Method and system for maintaining secure access to web server services using permissions
US20030182559A1 (en) * | 2002-03-22 | 2003-09-25 | Ian Curry | Secure communication apparatus and method for facilitating recipient and sender activity delegation
KR100449572B1 (en) * | 2002-05-22 | 2004-09-22 | 주식회사 케이티프리텔 | Method and system for performing mutual authenticating between mobile terminal and server
KR20040017487A (en) * | 2002-08-21 | 2004-02-27 | 이창우 | Authenticating method using public key cryptosystem
KR20040042123A (en) * | 2002-11-13 | 2004-05-20 | 주식회사 퓨쳐시스템 | Portable authentication apparatus and authentication method using the same
US7657751B2 (en) | 2003-05-13 | 2010-02-02 | Corestreet, Ltd. | Efficient and secure data currentness systems
US20040237031A1 (en) * | 2003-05-13 | 2004-11-25 | Silvio Micali | Efficient and secure data currentness systems
US20050154918A1 (en) * | 2003-11-19 | 2005-07-14 | David Engberg | Distributed delegated path discovery and validation
US8707030B2 (en) | 2003-11-19 | 2014-04-22 | Corestreet, Ltd. | Distributed delegated path discovery and validation
US7966487B2 (en) | 2004-01-09 | 2011-06-21 | Corestreet, Ltd. | Communication-efficient real time credentials for OCSP and distributed OCSP
US20050154879A1 (en) * | 2004-01-09 | 2005-07-14 | David Engberg | Batch OCSP and batch distributed OCSP
US20050204139A1 (en) * | 2004-03-10 | 2005-09-15 | Helland Patrick J. | Service broker security
US7673141B2 (en) | 2004-05-28 | 2010-03-02 | Sap Aktiengesellschaft | Client authentication using a challenge provider
EP1601154A1 (en) * | 2004-05-28 | 2005-11-30 | Sap Ag | Client authentication using a challenge provider
EP1601153A3 (en) * | 2004-05-28 | 2006-01-04 | Sap Ag | Client authentication using a challenge provider
US20050268096A1 (en) * | 2004-05-28 | 2005-12-01 | Roger Kilian-Kehr | Client authentication using a challenge provider
US7509120B2 (en) * | 2004-09-07 | 2009-03-24 | Research In Motion Limited | System and method for updating message trust status
US20060053291A1 (en) * | 2004-09-07 | 2006-03-09 | Brown Michael K | System and method for updating message trust status
US8385887B2 (en) | 2004-09-07 | 2013-02-26 | Research In Motion Limited | System and method for updating message trust status
US20090210718A1 (en) * | 2004-09-07 | 2009-08-20 | Research In Motion Limited | System and method for updating message trust status
US10476677B2 (en) | 2004-09-07 | 2019-11-12 | Blackberry Limited | System and method for updating message trust status
US8831569B2 (en) * | 2004-09-07 | 2014-09-09 | Blackberry Limited | System and method for updating message trust status
US20060075234A1 (en) * | 2004-10-04 | 2006-04-06 | Samsung Electronics Co., Ltd. | Method of authenticating device using broadcast cryptography
US20060093138A1 (en) * | 2004-10-29 | 2006-05-04 | Alain Durand | Secure authenticated channel
US7545932B2 (en) * | 2004-10-29 | 2009-06-09 | Thomson Licensing | Secure authenticated channel
US20060097843A1 (en) * | 2004-11-10 | 2006-05-11 | Phil Libin | Actuating a security system using a wireless device
US7205882B2 (en) | 2004-11-10 | 2007-04-17 | Corestreet, Ltd. | Actuating a security system using a wireless device
US20060271915A1 (en) * | 2005-05-24 | 2006-11-30 | Contentguard Holdings, Inc. | Usage rights grammar and digital works having usage rights created with the grammar
US20060271493A1 (en) * | 2005-05-24 | 2006-11-30 | Contentguard Holdings, Inc. | Method and apparatus for executing code in accordance with usage rights
US8132005B2 (en) * | 2005-07-07 | 2012-03-06 | Nokia Corporation | Establishment of a trusted relationship between unknown communication parties
US20070011453A1 (en) * | 2005-07-07 | 2007-01-11 | Nokia Corporation | Establishment of a trusted relationship between unknown communication parties
US20070028952A1 (en) * | 2005-08-05 | 2007-02-08 | Outdoor Sleep System, Llc | Sleeping bag and system
USRE49334E1 (en) | 2005-10-04 | 2022-12-13 | Hoffberg Family Trust 2 | Multifactorial optimization system and method
US20070211893A1 (en) * | 2006-03-09 | 2007-09-13 | Motorola, Inc. | Encryption and verification using partial public key
US7664259B2 (en) * | 2006-03-09 | 2010-02-16 | Motorola, Inc. | Encryption and verification using partial public key
US11212583B2 (en) | 2006-06-16 | 2021-12-28 | Synamedia Limited | Securing media content using interchangeable encryption key
US9277295B2 (en) | 2006-06-16 | 2016-03-01 | Cisco Technology, Inc. | Securing media content using interchangeable encryption key
US7760873B2 (en) * | 2006-06-30 | 2010-07-20 | Intel Corporation | Method and a system for a quick verification rabin signature scheme
US20080005030A1 (en) * | 2006-06-30 | 2008-01-03 | Scientific-Atlanta, Inc. | Secure Escrow and Recovery of Media Device Content Keys
US20080002825A1 (en) * | 2006-06-30 | 2008-01-03 | Shay Gueron | Method and a system for a quick verification rabin signature scheme
US9137480B2 (en) * | 2006-06-30 | 2015-09-15 | Cisco Technology, Inc. | Secure escrow and recovery of media device content keys
US8265600B2 (en) | 2006-10-19 | 2012-09-11 | Qualcomm Incorporated | System and method for authenticating remote server access
US20080098225A1 (en) * | 2006-10-19 | 2008-04-24 | Mark Wayne Baysinger | System and method for authenticating remote server access
US7979054B2 (en) * | 2006-10-19 | 2011-07-12 | Qualcomm Incorporated | System and method for authenticating remote server access
US20080256358A1 (en) * | 2007-04-12 | 2008-10-16 | Xerox Corporation | System and method for managing digital certificates on a remote device
US8261080B2 (en) * | 2007-04-12 | 2012-09-04 | Xerox Corporation | System and method for managing digital certificates on a remote device
US8291221B2 (en) * | 2007-08-14 | 2012-10-16 | Yeda Research & Development Co. Ltd. | Method and apparatus for implementing a novel one-way hash function on highly constrained devices such as RFID tags
US20130003973A1 (en) * | 2007-08-14 | 2013-01-03 | Yeda Research & Development Co. Ltd. | Method and apparatus for implementing a novel one-way hash function on highly constrained devices such as rfid tags
WO2009023550A1 (en) * | 2007-08-14 | 2009-02-19 | Yeda Research & Development Co. Ltd. | A method and apparatus for implementing a novel one-way hash function on highly constrained devices such as rfid tags
US20110271105A1 (en) * | 2007-08-14 | 2011-11-03 | Yeda Research & Development Co. Ltd. | Method and apparatus for implementing a novel one-way hash function on highly constrained devices such as rfid tags
US20090150671A1 (en) * | 2007-12-06 | 2009-06-11 | Hiroshi Abe | Communication system and communication terminal device
US8666408B2 (en) | 2008-07-15 | 2014-03-04 | Lg Electronics Inc. | Method of supporting location privacy
US20120172002A1 (en) * | 2008-07-15 | 2012-07-05 | Lg Electronics Inc. | Method of supporting location privacy
US8676198B2 (en) * | 2008-07-15 | 2014-03-18 | Lg Electronics Inc. | Method of supporting location privacy
US20100067698A1 (en) * | 2008-09-10 | 2010-03-18 | Lg Electronics Inc. | Method for selectively encrypting control signal
US8582771B2 (en) | 2008-09-10 | 2013-11-12 | Lg Electronics Inc. | Method for selectively encrypting control signal
US20110191129A1 (en) * | 2010-02-04 | 2011-08-04 | Netzer Moriya | Random Number Generator Generating Random Numbers According to an Arbitrary Probability Density Function
US20110213711A1 (en) * | 2010-03-01 | 2011-09-01 | Entrust, Inc. | Method, system and apparatus for providing transaction verification
US20150195275A1 (en) * | 2010-10-06 | 2015-07-09 | Prima Cinema, Inc. | Secure device authentication protocol
US8656484B2 (en) | 2010-12-28 | 2014-02-18 | Authernative, Inc. | System and method for mutually authenticated cryptographic key exchange using matrices
US8621227B2 (en) | 2010-12-28 | 2013-12-31 | Authernative, Inc. | System and method for cryptographic key exchange using matrices
US9191378B2 (en) * | 2012-02-27 | 2015-11-17 | Kabushiki Kaisha Toshiba | Communication apparatus and communication method
US20130227290A1 (en) * | 2012-02-27 | 2013-08-29 | Kabushiki Kaisha Toshiba | Communication Apparatus and Communication Method
EP2940883A3 (en) * | 2014-04-29 | 2016-01-27 | LSIS Co., Ltd. | Power system
US9603014B2 (en) | 2014-04-29 | 2017-03-21 | Lsis Co., Ltd. | Power system
US11831787B2 (en) | 2015-05-03 | 2023-11-28 | Ronald Francis Sulpizio, JR. | Temporal key generation and PKI gateway
US10205598B2 (en) * | 2015-05-03 | 2019-02-12 | Ronald Francis Sulpizio, JR. | Temporal key generation and PKI gateway
WO2017065903A1 (en) * | 2015-10-14 | 2017-04-20 | Sony Interactive Entertainment America Llc | Fast multicast messaging encryption and authentication
US10171479B2 (en) | 2015-10-14 | 2019-01-01 | Sony Interactive Entertainment America Llc | Fast multicast messaging encryption and authentication
US9843592B2 (en) | 2015-10-14 | 2017-12-12 | Sony Interactive Entertainment America Llc | Fast multicast messaging encryption and authentication
US10460083B2 (en) | 2015-11-04 | 2019-10-29 | Screening Room Media, Inc. | Digital credential system
US10339278B2 (en) | 2015-11-04 | 2019-07-02 | Screening Room Media, Inc. | Monitoring nearby mobile computing devices to prevent digital content misuse
US10417393B2 (en) | 2015-11-04 | 2019-09-17 | Screening Room Media, Inc. | Detecting digital content misuse based on digital content usage clusters
US10423762B2 (en) | 2015-11-04 | 2019-09-24 | Screening Room Media, Inc. | Detecting digital content misuse based on know violator usage clusters
US10430560B2 (en) | 2015-11-04 | 2019-10-01 | Screening Room Media, Inc. | Monitoring digital content usage history to prevent digital content misuse
US12216743B2 (en) | 2015-11-04 | 2025-02-04 | Sr Labs, Inc. | Pairing devices to prevent digital content misuse
US10395011B2 (en) | 2015-11-04 | 2019-08-27 | Screening Room Media, Inc. | Monitoring location of a client-side digital content delivery device to prevent digital content misuse
US10409964B2 (en) | 2015-11-04 | 2019-09-10 | Screening Room Media, Inc. | Pairing devices to prevent digital content misuse
US11941089B2 (en) | 2015-11-04 | 2024-03-26 | Sr Labs, Inc. | Pairing devices to prevent digital content misuse
US11227031B2 (en) | 2015-11-04 | 2022-01-18 | Screening Room Media, Inc. | Pairing devices to prevent digital content misuse
US11853403B2 (en) | 2015-11-04 | 2023-12-26 | Sr Labs, Inc. | Pairing devices to prevent digital content misuse
US10129029B2 (en) * | 2016-06-16 | 2018-11-13 | International Business Machines Corporation | Proofs of plaintext knowledge and group signatures incorporating same
US20170366349A1 (en) * | 2016-06-16 | 2017-12-21 | International Business Machines Corporation | Proofs of Plaintext Knowledge and Group Signatures Incorporating Same
US9973342B2 (en) * | 2016-06-16 | 2018-05-15 | International Business Machines Corporation | Authentication via group signatures
US10452819B2 (en) | 2017-03-20 | 2019-10-22 | Screening Room Media, Inc. | Digital credential system

Also Published As

Publication number | Publication date
EP0691055A4 (en) | 1998-05-06
EP0691055B1 (en) | 2000-12-13
US5406628A (en) | 1995-04-11
CA2157011C (en) | 1999-03-30
DE69426416D1 (en) | 2001-01-18
JPH08507619A (en) | 1996-08-13
EP0691055A1 (en) | 1996-01-10
CA2157011A1 (en) | 1994-09-15
WO1994021067A1 (en) | 1994-09-15
DE69426416T2 (en) | 2001-07-26

Similar Documents

Publication | Publication Date | Title
US5299263A (en) | Two-way public key authentication and key agreement for low-cost terminals
US5222140A (en) | Cryptographic method for key agreement and user authentication
US5150411A (en) | Cryptographic system allowing encrypted communication between users with a secure mutual cipher key determined without user interaction
Juang | Efficient password authenticated key agreement using smart cards
Beller et al. | Privacy and authentication on a portable communications system
CA2596500C (en) | Method and structure for challenge-response signatures and high-performance secure diffie-hellman protocols
US5588061A (en) | System and method for identity verification, forming joint signatures and session key agreement in an RSA public cryptosystem
US5796833A (en) | Public key sterilization
JP2606419B2 (en) | Cryptographic communication system and cryptographic communication method
US5313521A (en) | Key distribution protocol for file transfer in the local area network
US7221758B2 (en) | Practical non-malleable public-key cryptosystem
Boyd | Modern data encryption
CN110519226B (en) | Quantum communication server secret communication method and system based on asymmetric key pool and implicit certificate
Bellare et al. | Translucent cryptography—an alternative to key escrow, and its implementation via fractional oblivious transfer
Shimbo et al. | Cryptanalysis of several conference key distribution schemes
Kwon | Virtual software tokens-a practical way to secure PKI roaming
Preneel et al. | Cryptographic hash functions: an overview
Shao | Cryptographic systems using a self-certified public key based on discrete logarithms
Ki et al. | Privacy-enhanced deniable authentication e-mail service
Constantinescu | Authentication protocol based on ellipitc curve cryptography
Kwon et al. | A forward-secure e-mail protocol without certificated public keys
Shim | Vulnerabilities of generalized MQV key agreement protocol without using one-way hash functions
Kim et al. | Secure authenticated key exchange protocol based on EC using signcryption scheme
Lim et al. | Authenticated session keys and their server-aided computation
Laud et al. | Privacy-preserving server-supported decryption

Legal Events

Date Code Title Description

AS Assignment

Owner name: BELL COMMUNICATIONS RESEARCH, INC., NEW JERSEY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST.;ASSIGNORS:BELLER, MICHAEL J.;YACOBI, YACOV;REEL/FRAME:006480/0176;SIGNING DATES FROM 19930302 TO 19930303

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: TELCORDIA TECHNOLOGIES, INC., NEW JERSEY

Free format text: CHANGE OF NAME;ASSIGNOR:BELL COMMUNICATIONS RESEARCH, INC.;REEL/FRAME:010263/0311

Effective date: 19990316

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT

Free format text: SECURITY AGREEMENT;ASSIGNOR:TELCORDIA TECHNOLOGIES, INC.;REEL/FRAME:015886/0001

Effective date: 20050315

FPAY Fee payment

Year of fee payment: 12

AS Assignment

Owner name: TELCORDIA TECHNOLOGIES, INC., NEW JERSEY

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:019520/0174

Effective date: 20070629

Owner name: TELCORDIA TECHNOLOGIES, INC.,NEW JERSEY

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT;REEL/FRAME:019520/0174

Effective date: 20070629

AS Assignment

Owner name: WILMINGTON TRUST COMPANY, AS COLLATERAL AGENT, DEL

Free format text: SECURITY AGREEMENT;ASSIGNOR:TELCORDIA TECHNOLOGIES, INC.;REEL/FRAME:019562/0309

Effective date: 20070629

Owner name: WILMINGTON TRUST COMPANY, AS COLLATERAL AGENT,DELA

Free format text: SECURITY AGREEMENT;ASSIGNOR:TELCORDIA TECHNOLOGIES, INC.;REEL/FRAME:019562/0309

Effective date: 20070629

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: BELL COMMUNICATIONS RESEARCH, INC., NEW JERSEY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BELLER, MICHAEL J.;YACOBI, YACOV;REEL/FRAME:022288/0991;SIGNING DATES FROM 20090209 TO 20090211

AS Assignment

Owner name: TELCORDIA TECHNOLOGIES, INC., NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST;ASSIGNOR:WILMINGTON TRUST COMPANY;REEL/FRAME:022408/0410

Effective date: 20090220

Owner name: TELCORDIA TECHNOLOGIES, INC.,NEW JERSEY

Free format text: RELEASE OF SECURITY INTEREST;ASSIGNOR:WILMINGTON TRUST COMPANY;REEL/FRAME:022408/0410

Effective date: 20090220

AS Assignment

Owner name: TELCORDIA LICENSING COMPANY LLC, NEW JERSEY

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TELCORDIA TECHNOLOGIES, INC.;REEL/FRAME:022878/0821

Effective date: 20090616

AS Assignment

Owner name: TELCORDIA TECHNOLOGIES, INC.,NEW JERSEY

Free format text: RELEASE;ASSIGNOR:WILMINGTON TRUST COMPANY, AS COLLATERAL AGENT;REEL/FRAME:024515/0622

Effective date: 20100430

Owner name: TELCORDIA TECHNOLOGIES, INC., NEW JERSEY

Free format text: RELEASE;ASSIGNOR:WILMINGTON TRUST COMPANY, AS COLLATERAL AGENT;REEL/FRAME:024515/0622

Effective date: 20100430

AS Assignment

Owner name: TTI INVENTIONS C LLC, DELAWARE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:TELCORDIA LICENSING COMPANY LLC;REEL/FRAME:025331/0854

Effective date: 20100128

